adam's notes

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

The Guidelines on the Protection of Privacy and Transborder Flows of Personal Data are a set of guidelines created to encourage the adoption of comprehensive privacy protection practices.

  • published by the Organization for Economic Cooperation and Development (OECD) in 1980
  • revised its Privacy Principles in 2013

OECD Privacy Principles

  1. Collection Limitation Principle
    • states that:
      • data that is collected should be obtained by lawful and fair means
      • the data subject should be aware of and consent to the collection of the data where appropriate
      • and the quantity and type of data should be limited
  2. Data Quality Principle
    • focuses on
      • the accuracy and completeness of data
      • whether it is appropriately mainateined and updated
      • and whether the data retained is relevant to the purposes it is used for
  3. Purpose Specification Principle
    • purpose specification means that
      • the reasons that personal data is collected should be determined before it is collected
      • and that later data reuse is in line with the reason that the data was originally obtained
  4. Use Limitation Principle Security
    • release or disclosure of personal data should be limited to the purposes it was gathered for unless the data subject agrees to the release or it is required by law
  5. Security Safeguards Principle
    • reasonable security safeguards aimed at preventing loss, disclosure, exposure, use, or destruction of the covered data
  6. Openness Principle
    • intended to ensure that the
      • practices and policies that cover personal data are accessible
      • existence of personal data, what data is collected and stored, and what it is used for should all be disclosed
  7. Individual Participation Principle
    • includes
      • an individual’s right to know if their data has been collected and stored
      • and what that data is within a reasonable time and in a reasonable way
    • allows the subject to request that the data be corrected, deleted, or otherwise modified as needed
    • important element is the requirement that data controllers must explain why an denials of these rights are made
  8. Accountability Principle
    • makes the data controller accountable for meeting these principles

Graph View

Backlinks