For several decades the OECD has been playing an important role in promoting respect for privacy as a fundamental value and a condition for the free flow of personal data across borders. The Guidelines on the Protection of Privacy and Transborder Flows of Personal Data constitute the first update of the original 1980 version that served as the first internationally agreed upon set of privacy principles.
Two themes run through the updated Guidelines:
- A focus on the practical implementation of privacy protection through an approach grounded in risk management, and
- The need to address the global dimension of privacy through improved interoperability.
The expert group overseeing the 2013 revision also produced a report which identifies a number of issues that were raised but not fully addressed as part of the review process and which could be considered candidates for possible future study.
A number of new concepts were introduced, including:
- National privacy strategies. While effective laws are essential, the strategic importance of privacy today also requires a multifaceted national strategy co-ordinated at the highest levels of government.
- Privacy management programmes. These serve as the core operational mechanism through which organisations implement privacy protection.
- Data security breach notification. This provision covers both notice to an authority and notice to an individual affected by a security breach affecting personal data.
Download the full OECD privacy framework booklet including the 2013 Privacy Guidelines
Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement. As a step in a continuing process, this revision leaves intact the original “Basic Principles” of the Guidelines. Ongoing OECD work on privacy protection in a data-driven economy will provide further opportunities to ensure that its privacy framework is well adapted to current challenges.
In 2019 the OECD is working with countries and experts to scope developments and provide practical recommendations on the implementation of the Guidelines in today's digital environment.