PART 4Intelligence services processing
CHAPTER 2Principles
The data protection principles
87The second data protection principle
1
The second data protection principle is that—
a
the purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and
b
personal data so collected must not be processed in a manner that is incompatible with the purpose for which it is collected.
2
Paragraph (b) of the second data protection principle is subject to subsections (3) and (4).
3
Personal data collected by a controller for one purpose may be processed for any other purpose of the controller that collected the data or any purpose of another controller provided that—
a
the controller is authorised by law to process the data for that purpose, and
b
the processing is necessary and proportionate to that other purpose.
4
Processing of personal data is to be regarded as compatible with the purpose for which it is collected if the processing—
a
consists of—
i
processing for archiving purposes in the public interest,
ii
processing for the purposes of scientific or historical research, or
iii
processing for statistical purposes, and
b
is subject to appropriate safeguards for the rights and freedoms of the data subject.