Which principle requires organizations to collect personal data only for specific, legitimate purposes?

The principle of Purpose Limitation is essential in privacy regulations and frameworks, as it directs organizations to collect personal data solely for specific and legitimate purposes that are clearly defined at the time of data collection. This principle ensures that individuals are aware of why their data is being collected, which promotes trust and transparency. By adhering to this principle, organizations help prevent the misuse of personal data and foster responsible data stewardship.

Purpose Limitation serves as a foundational concept in various privacy laws, such as the General Data Protection Regulation (GDPR) in the European Union. It mandates that any personal data collected must be relevant and limited to what is necessary in relation to the purposes for which they are processed, thus preventing unnecessary or excessive data collection.

In contrast, while Data Minimization focuses on limiting the amount of personal data collected, it does not specifically address the legitimacy of the purposes for which the data is collected. Transparency involves clear communication about data collection and usage practices, and Accountability relates to the organization's responsibility for managing data within legal and ethical frameworks. However, none of these principles specifically emphasize the need for personal data to be collected only for specified, legitimate purposes in the way that Purpose Limitation does.