26 October 2013

International Economic Organisation OECD Publishes Revised Guidelines On The Protection Of Privacy And Transborder Flows Of Personal Data.

Reed Smith (Worldwide)


Reed Smith (Worldwide) logo
Reed Smith is a dynamic international law firm helping clients move their businesses forward. By delivering smart, creative legal services, we enrich clients' experiences with us and support achievement of their business goals. Our longstanding relationships and collaborative structure enable the speedy resolution of complex disputes, transactions, and regulatory matters.
The international free flow of information has become fundamental in a data-driven economy.
Worldwide Privacy
To print this article, all you need is to be registered or login on

The international free flow of information has become fundamental in a data-driven economy. Yet the increasingly extensive use and movement of personal data creates greater privacy risks for an individual's digital data trail; and while nearly 99 countries worldwide have some form of data privacy laws, the legal disparities can hinder transborder data flow. Acknowledging the need for a unified standard, the Organisation for Economic Co-Operation and Development (OECD) has published a revised version of the 1980 Guidelines on the 'protection of privacy and transborder flows of personal data.'

The original guidelines informed and became the basis for many countries' data protection laws, including those in Europe. Fundamentally, the revised version leaves the original privacy principles unchanged, and are widely familiar:

  • Fair, lawful and limited collection of personal data obtained with the knowledge and consent of the individual
  • Data is relevant for purpose collected, is complete, and kept up to date
  • Use of data for new purposes must either be compatible with the original purpose and new uses, or disclosures require consent
  • Use of reasonable security safeguards to protect data and accountability of any data controller
  • Individual right of access to data held, and the right to have data erased, rectified or amended

Data controller accountability is reinforced in the revised guidelines, regardless of data location, and regardless of whether it remains within their own operations, those of its agents, or is transferred to another data controller. The OECD recommends the use of tailored privacy management programs and privacy impact assessments to manage the risk of data breach. The OECD also encourages contractual provisions requiring compliance with a data controller's privacy policy, notification protocols in the event of a security breach, and response plans for data breaches and data subject inquiries.

The OECD guidelines suggest that to manage global privacy risks, there must be improved interoperability, with national strategies between states co-ordinated at government level, and cross-border co-operation between privacy enforcement authorities.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More