This work considers the privacy attributes mapped by Barth, Ionita, and Hartel [1], summarised in the listing below.

Accountability

Accountability refers to holding the service provider responsible for any violations of privacy policies, including ensuring that their practices comply with legal standards and regulations.

Anonymisation

Anonymisation involves removing all identifiable markers from data so that it cannot be traced back to an individual, ensuring that personal information is irreversibly obscured.

Anonymisation currently has no related guidelines.

Collection

Collection involves identifying the types of data collected, such as IP addresses, phone numbers, and credit card information. It distinguishes between personally identifiable information and anonymous data, and emphasises data minimisation by collecting only the data necessary for service provision.

Control

The key aspects of control are consent, opt-out options, self-determination, influence over data handling, and user-friendly privacy settings.

Control is the main privacy attribute of the following guidelines:

Control is also related to the following guidelines:

Correctness

Correctness involves correcting incorrect or no longer valid data after it has been disclosed, ensuring that it remains accurate and up-to-date.

Functionality

Functionality addresses the balance between privacy and the utility of a service, ensuring users are not forced to choose between maintaining their privacy and accessing a service's full capabilities. It involves designing systems that don't restrict features or services unless personal data is provided, thereby preventing artificial limitations that could coerce users into sharing more personal information than they are comfortable with for full functionality.

Pseudonymisation

Pseudonymisation refers to replacing personal identifiers in data with artificial identifiers or pseudonyms, allowing data to be matched with individuals only when combined with additional information, thereby reducing the risk of privacy breaches while maintaining data utility.

Purpose

Purpose covers what collected data can be used for, such as service provision, advertising, and profiling. It also considers the legal basis for data processing, including legal requirements or vital/public interest.

Retention

How long is the collected data stored? This attribute addresses the duration of data storage to ensure that data is not kept longer than necessary.

Right to be forgotten

The right to be forgotten refers to allowing individuals to request the deletion or removal of their personal data.

Right to be forgotten currently has no related guidelines.

Sale

Sale refers to selling personal data to third parties for commercial gain.

Sale currently has no related guidelines.

Security

The security attribute focuses on the technical measures to protect data from unauthorised or malicious access, ensuring that personal information is safeguarded against potential breaches or cyber threats.

Sharing

The sharing attribute refers to whether and how collected data is shared with third parties without monetary compensation. This includes sharing data with other companies, advertisers, research institutions, and other external entities. Sharing can encompass both voluntary and unintentional disclosures.

Transparency

Transparency is the ability users have to access information about how their personal data is handled, including through open-source code, privacy policies, and regular audits. It also involves proactive distribution of information to users, demonstrating the implementation of privacy attributes to data subjects and regulators.


Transparency is the main privacy attribute of the following guidelines:
Transparency is also related to the following guidelines: