The OECD Issues Revised Privacy Guidelines

The Organisation for Economic Co-operation and Development (OECD) recently revised its Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

In 1980 the OECD issued Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The Guidelines have two main purposes: to reflect privacy standards and to facilitate the free flow of information for law enforcement activities. The Guidelines contain basic principles that can be adopted in national privacy legislation: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.

The updated 2013 Guidelines are still built on the same basic principles, but claim to focus more on “practical implementation of privacy protection through an approach grounded in risk management” and to “address the global dimension of privacy through improved interoperability.”1

New concepts are introduced, including: national privacy strategies, privacy management programmes, and data security breach notification. “Other revisions modernise the OECD approach to transborder data flows, detail the key elements of what it means to be an accountable organisation, and strengthen privacy enforcement.”2

  1. The new Guidelines and explanatory text can be seen at: OECD, “OECD work on privacy,” []
  2. Ibid. []