Short address for this page:
The Recommendation of the OECD Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (“Privacy Guidelines”) was adopted by the OECD Council in 1980. The expert group that developed the Privacy Guidelines also produced an Explanatory Memorandum to provide additional information about the work of the expert group and to help in the interpretation and application of the Guidelines.
During 2010 the OECD marked the 30th anniversary of the Privacy Guidelines with a series of events held on (1) the impact of the Guidelines, (2) the evolving role of the individual, and (3) the economic dimensions of personal data privacy. It also produced a report on the Evolving Privacy Landscape that provides a consensus OECD view on the current context for privacy and serves as an important reference for the review of the Guidelines.
The review to date
The review of the Privacy Guidelines arises out of the Seoul Declaration for the Future of the Internet Economy, which was adopted by Ministers in June 2008. The Seoul Declaration calls for the OECD to assess the application of certain instruments, including the Privacy Guidelines, in light of “changing technologies, markets and user behaviour and the growing importance of digital identities”.
The review of the Privacy Guidelines is being conducted by the OECD Working Party on Information Security and Privacy (WPISP). As a first step in the review, OECD members have agreed on Terms of Reference to serve as a roadmap for the review. They were released at an OECD conference on Privacy Frameworks in Mexico City in November 2011 and packaged together with materials from the 30th Anniversary in publication.
The Terms of Reference highlight that, as compared with the situation 30 years ago, we are looking at a real change of scale in terms of the role of personal data in our economies, societies, and of our course, our lives. The environment in which the traditional privacy principles have to function has to take into account significant changes, for example, in:
- the volume of personal data being collected, used and stored;
- the range of analytics enabled by personal data, providing insights into individual’s movements, interests, and activities;
- the value of the societal and economic benefits enabled by new technologies and responsible data use;
- the global availability of personal data, supported by communications networks that permit continuous, multipoint data flows; and
- the extent of threats to privacy in such an environment.
The Terms of Reference also highlight that OECD members already agree on a number of elements that are key to improving the effectiveness of privacy protections. The list includes, for example, bringing greater global interoperability to privacy frameworks, elevating the importance of privacy to the highest levels in governments through national privacy strategies, better equipping privacy authorities to work cooperatively across borders, cultivating of a culture of privacy in organisations and individuals, embedding privacy by design into privacy management processes, and more.
As called for in the Terms of Reference, the WPISP has convened a multi-stakeholder group of experts from governments, privacy enforcement authorities, academics, business, civil society and the Internet technical community. The expert group is chaired by Jennifer Stoddart, Privacy Commissioner of Canada, and is addressing a number of issues bundled around the following themes:
- The roles and responsibilities of key actors
- Geographic restrictions on transborder data flows
- Proactive implementation and enforcement.
The expert group has been asked to make recommendations for consideration by OECD members by October 2012. The WPISP will then make a determination about how to act on the options presented.
Thirty Years After the OECD Privacy Guidelines
The 30th Anniversary of the OECD Privacy Guidelines
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data