The international free flow of information has become fundamental in a data-driven economy. Yet the increasingly extensive use and movement of personal data creates greater privacy risks for an individual’s digital data trail; and while nearly 99 countries worldwide have some form of data privacy laws, the legal disparities can hinder transborder data flow. Acknowledging the need for a unified standard, the Organisation for Economic Co-Operation and Development (OECD) has published a revised version of the 1980 Guidelines on the ‘protection of privacy and transborder flows of personal data.’
The original guidelines informed and became the basis for many countries' data protection laws, including those in Europe. Fundamentally, the revised version leaves the original privacy principles unchanged, and are widely familiar:
- Fair, lawful and limited collection of personal data obtained with the knowledge and consent of the individual
- Data is relevant for purpose collected, is complete, and kept up to date
- Use of data for new purposes must either be compatible with the original purpose and new uses, or disclosures require consent
- Use of reasonable security safeguards to protect data and accountability of any data controller
- Individual right of access to data held, and the right to have data erased, rectified or amended
The OECD guidelines suggest that to manage global privacy risks, there must be improved interoperability, with national strategies between states co-ordinated at government level, and cross-border co-operation between privacy enforcement authorities.