THIRTY YEARS AFTER THE OECD PRIVACY GUIDELINES 2011 ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT The OECD is a unique forum where governments work together to address the economic, social and environmental challenges of globalisation. The OECD is also at the forefront of efforts to understand and to help governments respond to new developments and concerns, such as corporate governance, the information economy and the challenges of an ageing population. The Organisation provides a setting where governments can compare policy experiences, seek answers to common problems, identify good practice and work to co-ordinate domestic and international policies. The OECD member countries are: Australia, Austria, Belgium, Canada, Chile, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States. The Commission of the European Communities takes part in the work of the OECD. © OECD 2011 Cover image: © kentoh – Fotolia.com No reproduction, copy, transmission or translation of this document may be made without written permission. Applications should be sent to OECD Publishing: [email protected] FOREWORD – 3 Foreword The OECD has played major role in shaping and defining how privacy is protected around the globe. The OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Data were the first inter- nationally agreed-upon set of privacy principles. Canada participated in the Expert Group which produced the Guidelines under the wise leadership of the Honourable Michael Kirby of Australia. The Guidelines have been extremely influential in Canada, where, with minor changes, they were incorporated into the Personal Information Protec- tion and Electronic Documents Act, Canada’s private-sector privacy law. The Guidelines were a response to two interrelated trends: a recognition of the importance of information – including personal information – in the global economy; and emerging concerns about the possible impact on the rights of individuals resulting from the automated processing of personal information made possible by the first generation of computer technology. Principle-based and technology-neutral, the Guidelines have served as an important guide and reference point for governments and policy makers. However, the world has changed dramatically in the 30-plus years since they were adopted, prompting the OECD to launch a review to assess their continued effectiveness in the new environment. Many of the changes we’ve experienced are summarised in Chapter 2 of this booklet, entitled “The Evolving Privacy Landscape: 30 Years after the OECD Privacy Guidelines”. The stand-alone technologies of the 1970s have become a ubiquitous, integrated global infrastructure. Occasional global data flows have given way to a “continuous, multipoint global flow,” highlighting the need for privacy enforcement authorities around the world to work together to develop globally effective approaches to protecting privacy. Advances in analytics and the monetisation of our digital footprints raise challenging questions about the concept of personal information and the appropriate scope for the application of privacy protections. THIRTY YEARS AFTER THE OECD PRIVACY GUIDELINES © OECD 2011 4 – FOREWORD I first became involved with the Working Party on Information Security and Privacy (WPISP) in 2005, when I was asked to head a Volunteer Group to work on cross-border privacy law enforcement co-operation. This has been a rewarding experience for me and my Office. I have been impressed by the dedication of the OECD staff members and by the depth and breadth of the expertise of the delegates who attend the WPISP meetings and of the members of the Volunteer Group that I have the honour to chair. I applaud the OECD for its leadership role in the global dialogue on the protection of privacy and I look forward to participating in the review of the Guidelines. Commissioner Jennifer Stoddart Privacy Commissioner of Canada Chair of the WPISP Privacy Volunteer Group THIRTY YEARS AFTER THE OECD PRIVACY GUIDELINES © OECD 2011 TABLE OF CONTENTS – 5 Table of contents Preface. ............................................................................................................ 6 Chapter 1. Remarks from Hon. Michael Kirby on the 30th anniversary of the OECD Privacy Guidelines ................. 7 Chapter 2. The evolving privacy landscape: 30 years after the OECD Privacy Guidelines ....................................................... 10 2.1. Main points ............................................................................................. 11 2.2. The development and influence of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data .................. 14 2.3. Current trends in the processing of personal data ................................... 28 2.4. Privacy risks in the evolving environment ............................................. 37 2.5. Considerations and challenges to existing privacy approaches .............. 43 2.6. Evolution and innovation in privacy governance ................................... 49 2.7. Conclusion .............................................................................................. 61 Chapter 3. Implementation of the 2007 OECD Recommendation on Privacy Law Enforcement Co-operation ................................ 74 3.1. Main points ............................................................................................. 74 3.2. Background............................................................................................. 76 3.3. Implementation activities supported by OECD ...................................... 78 3.4. Improving domestic measures to enable co-operation ........................... 81 3.5. Examples of cross-border co-operation .................................................. 84 3.6. Other international initiatives ................................................................. 86 3.7. Conclusion .............................................................................................. 89 Chapter 4. Terms of Reference for the review of the OECD Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data ............................. 93 Annex A. Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data ............................................. 99 Annex B. OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy .............................. 105 THIRTY YEARS AFTER THE OECD PRIVACY GUIDELINES © OECD 2011 6 – PREFACE Preface In 2010 the OECD celebrated the 30th anniversary of its ‘Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data’ (‘OECD Guidelines’) through a series of events and papers, available at www.oecd.org/sti/privacyanniversary. This material is now serving as input for a review of the Guidelines which is currently underway in the OECD and provides the content for this book. Jennifer Stoddart, Privacy Commissioner of Canada, has served as chair of a OECD volunteer group of privacy experts since 2005. In her Foreword, Commissioner Stoddart shares her perspective on the Guidelines and the role of the OECD in this area. The Honourable Michael Kirby, now retired from the Australian High Court, chaired the expert group that developed the OECD Guidelines in the late 1970s. In Chapter 1, Justice Kirby reflects on both the origins and legacy of the Guidelines. In the 30 years since the birth of the Privacy Guidelines the privacy landscape has undergone tremendous changes, which are the subject of the OECD report that serves as Chapter 2. The 1980 Guidelines are well known for their principles for the collection and handling of personal data, but they also call for co-operation in enforcement-related matters. In 2007 the OECD Council adopted a Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy. Chapter 3 of this publication is the OECD report on the implementation of this Recommendation, three years after its adoption. Chapter 4 concerns the review of the Privacy Guidelines now underway at the OECD. The “Terms of Reference” memorialise the results of the review thus far, and provide orientation to the OECD Working Party on Information Security and Privacy as it takes this work forward. The two OECD instruments discussed in this publication are reproduced as annexes: the Privacy Guidelines as Annex A and the Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy as Annex B. THIRTY YEARS AFTER THE OECD PRIVACY GUIDELINES © OECD 2011 1. THE 30TH ANNIVERSARY OF THE OECD PRIVACY GUIDELINES – 7 Chapter 1 Remarks from Hon. Michael Kirby on the 30th anniversary of the OECD Privacy Guidelines∗ One does not normally think of the Organisation for Economic Co- operation and Development (OECD) as a major player in the global elaboration of human rights. Yet, between 1978 and 1980, the Organisation established and supported an expert group, tasked with the function of preparing international guidelines on the protection of privacy. That value is recognised in many international statements of human rights, notably in the Universal Declaration of Human Rights (Art.12) and the International Covenant
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages111 Page
-
File Size-