Tiny URL for this page: oe.cd/privacy
Over many decades the OECD has played an important role in promoting respect for privacy as a fundamental value and a condition for the free flow of personal data across borders. The cornerstone of OECD work on privacy is its newly revised Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (2013).
Another key component of work in this area aims to improve cross-border co-operation among privacy law enforcement authorities. This work produced an OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy in 2007 and inspired the formation of the Global Privacy Enforcement Network, to which the OECD provides support.
Other projects have examined privacy notices and considered privacy in the context of horizontal issues such as radio frequency indentification (RFID), digital identity management, and looked at metrics to inform policy making in these areas. The important role of privacy is also addressed in the OECD Recommendation on Principles for Internet Policy Making (2011) and the Seoul Ministerial Declaration on the Future of the Internet Economy (2008).
Current work is examining privacy-related issues raised by large-scale data use and analytics. An expert roundtable was held in support of that work in March 2014. It is part of a broader project on the data-driven innovation and growth, which already produced a preliminary report identifying key issues.
The revisions agreed in 2013 include:
These new Guidelines constitute the first update of the original 1980 version that served as the first internationally agreed upon set of privacy principles.
Two themes run through the updated Guidelines. First is a focus on the practical implementation of privacy protection through an approach grounded in risk management. Second is the need for greater efforts to address the global dimension of privacy through improved interoperability. A number of new concepts are introduced, including:
Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement. As a step in a continuing process, this revision leaves intact the original “Basic Principles” of the Guidelines. On-going work by the OECD on privacy protection in a data-driven economy will provide further opportunities to ensure that its privacy framework is well adapted to current challenges.
The process to revise the Guidelines was led by the OECD’s Working Party on Information Security and Privacy (WPISP) working from terms of reference released at an OECD conference on global interoperability in Mexico City in November 2011. Preparatory work for the 2013 revision was conducted in the context of the 30th anniversary of the original Guidelines, marked by a series of conferences and papers.
In accordance with the terms of reference, the WPISP convened a multi-stakeholder group of experts from governments, privacy enforcement authorities, academia, business, civil society and the Internet technical community. This expert group was chaired by Jennifer Stoddart, Privacy Commissioner of Canada. Omer Tene, consultant to the OECD, served as rapporteur. On the basis of the work by the expert group, proposed revisions were developed by the WPISP and approved by the Committee for Information, Computer and Communications Policy (ICCP), before final adoption by the OECD Council.
The expert group also produced a report on its work. The document identifies a number of issues that were raised but not fully addressed as part of the review process and which could be considered as candidates for possible future study.