Exploitation of NATO data will be governed under the aegis of the NATO Data Exploitation Framework Policy, and will respect Council-approved policies on
* Information Management (Reference G),
* Records Management (Reference H),
* C3 Framework (Reference I), including Data Management (Reference J),
* Security (Reference K, Reference L),
* Management of Non-Classified Information (N), and
* Public Disclosure (Reference M),
* Retention and Disposition of NATO information (Reference O, Reference P), in addition to other relevant policies approved in the future.
* Category-specific Data Use policies (e.g. Intelligence (Reference Q), Cyber (Reference R), Geospatial (Reference S), Biometrics Framework Policy (Reference T), Battlefield Evidence Policy (Reference U), Open Source Intelligence (Reference V), etc.) will apply, where relevant, in addition to relevant internal policies and rules applicable to the NATO Enterprise.
Data are owned by the entity (NATO nation, NATO entity, or third party) which creates, produces, or collects the data and maintains content, defines access rules, negotiates and agrees to release constraints, establishes disposition instructions, and is the authority for the life-cycle of information.
The collection, storage, sharing, and exploitation of data will be subject to requirements and legal restrictions specified by the information owner and will be handled in accordance to the extant policies, and their updates, as specified in principle 2.i. All action taken on the basis of shared data will be in accordance with applicable legal and regulatory frameworks. Collected data will be managed in accordance with the applicable policies and rules, and retention and disposition will be undertaken in consultation with the NATO Archivist and the Archives Committee. iv) The lifecycle of the data and the lifecycle of the information products derived or created from that data, such as intelligence products, assessment reports, etc., may take separate pathways, with potentially different category-specific Data Use policies applied, as applicable.
Personal Data:
(1) Personal data should be accurate and kept only for as long as necessary and appropriate.
(2) Personal data should be protected and exploited securely; fairly and in accordance with applicable national and international law; and only for stated and limited purposes.