Which of the core data protection principles from the DPA 2018 is most clearly violated by each of the following scenarios. For each scenario, identify the principle that is most clearly violated and explain why.

• i.A website invites you to provide your name and address to be entered for a prize draw. The website operators store your data in a Google spreadsheet that can be accessed without a password.
• ii.A mobile phone is protected with face recognition software. For this purpose, the phone stores a mathematical model of the user's facial profile. Every time the user employs this functionality to unlock the phone, the software also stores the background and classifies it as 'at home', 'at work', 'outdoors', etc. even though this information is not needed for recognising the user and unlocking the phone.
• iii.A photo app which allows a mobile phone user to take photos of themselves stores the photos with time data and location information in the cloud. Without the user's knowledge, some of the photos are sold as stock images by the company operating the app.