In 1980, the OECD agreed upon eight principles for privacy. The first principle is the collection limitation. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means. Where appropriate, with the knowledge or consent of the data subject. The second principle is the data quality principle. Personal data should be relevant to the purposes for which they are used, and to the extent necessary for those purposes, they should be accurate, complete, and kept up to date. The third principle is the so-called purpose specification principle. The purpose for which personal data are collected should be specified not later than at the time of data collection. The subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. The fourth principle is to use limitation principle. Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified in accordance with paragraph nine, except with the consent of the data subject or by the authority of law. Then the fifth principle is the security safeguard principle. Personal data should be protected by reasonable security, safeguards against such risk as loss or unauthorized access, destruction use, modification or disclosure. The sixth principle is the so-called openness principle. There should be a general policy of openness about developments, practices, and policies with respect to personal data. The seventh principle is about individual participation. Namely, that an individual should be able to obtain data from a data controller or get confirmation of the fact that his data is collected by this data controller. That you are allowed to get access to it eventually by a charge. This individual participation principle is allowing the individual to get knowledge or to become knowledgeable about the data that has been collected about him. The eighth, and last principle is the so-called accountability principle. That the data controller should be accountable for complying with measures which give effect to the principles as stated above.