For several decades the OECD has been playing an important role in promoting respect for privacy as a fundamental value and a condition for the free flow of personal data across borders. These Guidelines constitute the first update of the original 1980 version that served as the first internationally agreed upon set of privacy principles.
Two themes run through the updated Guidelines:
- A focus on the practical implementation of privacy protection through an approach grounded in risk management, and
- The need to address the global dimension of privacy through improved interoperability.
The expert group overseeing the revision also produced a report identifying a number of issues that were raised but not fully addressed during the review process and that could be considered as candidates for possible future study.
A number of new concepts are introduced, including:
- National privacy strategies. While effective laws are essential, the strategic importance of privacy today also requires a multifaceted national strategy co-ordinated at the highest levels of government.
- Privacy management programmes. These serve as the core operational mechanism through which organisations implement privacy protection.
- Data security breach notification. This provision covers both notice to an authority and notice to an individual affected by a security breach affecting personal data.
Download the full OECD privacy framework booklet including the 2013 Privacy Guidelines
Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement. As a step in a continuing process, this revision leaves intact the original “Basic Principles” of the Guidelines. Ongoing OECD work on privacy protection in a data-driven economy will provide further opportunities to ensure that its privacy framework is well adapted to current challenges.