Consistent with the GDPR
One should also make sure that it is sufficiently clear for the customer, exactly which data are being collected, and what the purpose is. This should be done before the initial collection of data, but it should also be repeated whenever changes are made to the collection or use of data. If this is not done, then the Principle of Consent (Principle 3) will also be violated.
The Principle of Trust could also have been called “The Principle of Transparency”. In its essence, the idea is that, the entire data process, from the data collection to the use of data, should be as transparent as possible to the data subject.
The reason why we call it “The Principle of Trust”, is that transparency often means that the data collector is passive. But if you want to make sure that the customer is not surprised, it will often require an active effort from the data collector. Few things are harder to gain, and easier to lose, than trust. That’s why we say “Don’t Surprise the Customer”.
Don’t Surprise the Customer.