Skip to main content
Data Protection / GDPR

Fairness

Fairness is the data protection principle requiring that personal data be processed lawfully, fairly and in a transparent manner that is comprehensible to the data subject.

The principle of fairness (German „Treu und Glauben“) is enshrined in Article 5(1)(a) GDPR alongside lawfulness and transparency as one of the core processing principles. It requires the controller to process personal data in a way that is fair and honest towards the data subject and does not defeat their reasonable expectations. Data may therefore not be collected or used secretly, in a misleading manner, or to the detriment of the data subject in a way they could not reasonably have anticipated.

Fairness is closely linked to transparency: processing can only be fair if the data subject knows who is processing their data and for what purpose. Recital 39 GDPR gives this concrete shape, requiring that it be transparent to natural persons that personal data concerning them are collected, used, consulted or otherwise processed and to what extent this happens. The principle thus serves as an interpretive standard for the other GDPR obligations, such as the information duties under Articles 13 and 14 and the design of consent.

In practice, fairness is not an abstract ideal but a justiciable standard against which supervisory authorities and courts measure specific processing operations. Dark patterns in consent dialogues, hidden profiling, use beyond the communicated purpose, or unequal power relationships to the detriment of the data subject can all amount to a breach of the principle, even where a legal basis formally exists. Controllers should therefore consider the principle as early as the design stage of processing (privacy by design) and regularly review their data flows for fairness and conformity with expectations.

Legal Basis

Art. 5(1)(a) GDPR; Recital 39 GDPR

Practical Example

An online retailer wants to use the customer data collected during the ordering process for extensive scoring and personalised advertising by third parties. The data protection coordinator assesses the processing against the principle of fairness: since customers placing an order cannot reasonably expect their profiles to be shared with advertising partners, tacit use would be unfair. They recommend disclosing the advertising and scoring purposes transparently in the privacy notice and obtaining a separate, non-pre-ticked consent for sharing with third parties, so that the processing matches the expected, fair use.

FAQ

Fairness requires that personal data be processed fairly and honestly without defeating the data subject's reasonable expectations. Processing may therefore not be carried out secretly, in a misleading way, or to the person's detriment. The principle is enshrined in Article 5(1)(a) GDPR.
Transparency is the precondition, fairness the outcome: processing can only be fair if the data subject knows who processes their data and for what purpose. Both principles are named together in Article 5(1)(a) GDPR and are closely intertwined.
No. Processing may formally rely on a legal basis and still breach fairness, for example through misleading consent dialogues or unexpected profiling. The principle is an independent, justiciable standard that must be observed in addition to lawfulness.

How preeco supports you

Learn how our software supports you with this topic.

Learn more

Related Terms

Legal basis Purpose limitation Transparency obligations Consent Privacy by design
Back to Glossary