From a post on the always-excellent Ghosts in the Machine blog (Privacy Rights and Terror Investigations), a story on the BBC Technology site (Net growth prompts privacy update), and a pointer from DaithÃ (off-blog, via del.icio.us) in the direction of a story on OUT-LAW (International effort on privacy protection is launched), I learn that the “world’s leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net”. (BBC).
A committee of the Organisation for Economic Co-Operation and Development (OECD), chaired by Jennifer Stoddart, Privacy Commissioner of Canada, has recommended both minimum standards for the protection of privacy in its members states (which include Ireland), and mechanisms for sharing information about privacy violators between member states; and it suggests methods for improving communication among agencies (such as Ireland’s Data Protection Commissioner) that enforce privacy laws. As Library Boy explains, with “the increasing flow of personal data across national borders, the unlawful use of private information becomes easier and privacy advocates see a need for better ways of providing mutual assistance to one another in the enforcement of privacy laws”. For all of these reasons, it is a welcome development in the protection of privacy; as Open and Shut comments, “at least it’s a start”. From the OECD website:
OECD governments have agreed on a new framework for co-operation in the enforcement of privacy laws. The initiative is motivated by a recognition that changes in the character and volume of cross-border data flows have elevated privacy risks for individuals and highlighted the need for better co-operation among the authorities charged with providing them protection.
Embodied in the new OECD Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy [pdf], the framework reflects a commitment by governments to improve their domestic frameworks for privacy law enforcement to better enable their authorities to co-operate with foreign authorities, as well as to provide mutual assistance to one another in the enforcement of privacy laws. The Recommendation is grounded in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980), which remain an influential statement of the foundations of privacy protection more then 25 years after their adoption.
The Recommendation was developed by the OECD Committee for Information, Computer and Communications Policy (ICCP) [website here], through its Working Party on Information Security and Privacy (WPISP) [website here]. The work, conducted in close cooperation with privacy enforcement authorities, was led by Jennifer Stoddart, Privacy Commissioner of Canada.
Initiatives to implement the Recommendation are already underway. The OECD has developed two model forms to facilitate privacy law enforcement co-operation. The first is a form to assist in the creation of a list of contact points in each country to co-ordinate requests for assistance. The second is a form for use by an authority in requesting assistance to help ensure that key items of information are included in the request.
The 29th International Conference of Data Protection and Privacy Commissioners to be hosted by Commissioner Stoddart in September 2007 in Montreal will be a key opportunity to progress the cooperation globally. The Recommendation will also be introduced at regional events such as the APEC privacy meetings in June 2007.
Further information about this OECD intiative, including a background report and other materials, is available at www.oecd.org/sti/privacycooperation.