The Accountability Principle in Data Protection Regulation: Origin, Development and Future Directions

Accountability made its formal debut in the field of international data protection more than 30 years ago, when it was adopted as a data protection principle in the Organization for Economic Cooperation and Development (OECD) Guidelines.4 As of late, the policy discourse on the regulation of data protection has been rife with references to accountability. Most notably, in 2010, the Article 29 Data Protection Working Party issued an Opinion on the principle of accountability in which it elaborated upon the possibility of including a general provision on accountability in the revised Data Protection Directive.5 The European Commission has also made a reference to the possibility of introducing a principle of accountability in its subsequent Communication outlining a strategy for modernising the EU data protection framework.6 Within the context of these documents, the introduction of an accountability principle is seen mainly as a way to help ensure ‘that data controllers put in place effective policies and mechanisms to ensure compliance with data protection rules’.7 While this objective is in line with previous iterations of the principle of accountability, important nuances exist among the various documents which have promulgated accountability as a data protection principle.