The OECD signs “historic” privacy agreement 

OECD _hero

The agreement formally recognizes that OECD countries uphold common standards and safeguards.

The Organization for Economic Cooperation and Development (OECD) has released a new international agreement that it says will assist in protecting user privacy when data is accessed for national security and law enforcement reasons. 

The goal of the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities is to explain how security and police agencies in member countries can use the laws that are already in place to get access to personal data. 

Its goal is to build trust in cross-border data transfers, which are important for the growth of the global economy. 

“Being able to transfer data across borders is fundamental in this digital era for everything from social media use to international trade and cooperation on global health issues. Yet, without common principles and safeguards, the sharing of personal data across jurisdictions raises privacy concerns, particularly in sensitive areas like national security,” said OECD secretary-general Mathias Cormann. 

“Today’s landmark agreement formally recognizes that OECD countries uphold common standards and safeguards. It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.” 

Which countries are affected?

All 38 OECD nations – including the United States and the United Kingdom, as well as the European Union – signed the declaration, and it is open to others to join. 

It is the result of two years of study by the OECD, and it adds to the group’s most important set of rules, the OECD Privacy Guidelines, which came out in 1980. 

However, it’s uncertain if it will help smooth up the EU-US relationship over cross-border data flows. European judges have turned down agreements between the two in the past because they were worried that EU residents’ privacy could not be protected with so much US government monitoring. 

The statement talks about seven principles: legal foundation, legitimate goals, approvals, data processing, openness, supervision, and remedy. 

Is it enough?

Cloudica CEO Adam Kotecki said he has “mixed feelings” after reading the declaration. “On the one hand, I understand and support attempts to regulate the subject of personal data. The declaration speaks of ‘legitimate government access on the basis of common values’ and points to seven key principles that OECD countries should follow. However, the rules described in the document are ‘soft’ and I have doubts whether they will actually contribute to the safe and effective use of personal data by Member States,” Kotecki said. 

“However, it is probably only a declaration of willingness and a tiny contribution to the establishment of practical rules. Apparently, there was no consensus for more rigorous rules in today’s political conditions.” 


Ready to meet the only technology partner you'll ever need?

Cloudica needs the information you provide to contact you about our services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy policy.

Once the above questions have been answered, a disaster recovery and backup readiness index can be calculated based on the following scale: 

  • Level 1: Inadequate – The organization has significant gaps in its disaster recovery and backup posture.  
  • Level 2: Developing – The organization has some disaster recovery and backup processes in place, but significant improvements are needed.  
  • Level 3: Mature – The organization has a mature disaster recovery and backup posture, but there is room for improvement.  
  • Level 4: Robust – The organization has a strong disaster recovery and backup posture and is well-prepared to address potential disruptions.  
  • Level 5: Exceptional – The organization has a comprehensive and mature approach to disaster recovery and backup. 

The disaster recovery and backup readiness index can be calculated by assigning a score of 1-5 to each question based on the level of readiness demonstrated. The scores are then averaged across all questions in each category to determine the readiness level for that category. The overall disaster recovery and backup readiness index is calculated by averaging the readiness levels across all categories. 

Level 1: Basic
You have minimal cybersecurity processes in place and face a high risk of cyberattacks. Immediate attention and significant improvements are necessary to enhance your security posture.

Level 2: Developing
You have some cybersecurity processes in place but require substantial improvements to reach a mature state. You should focus on strengthening your policies, procedures, and security controls.

Level 3: Mature
You have a solid cybersecurity posture, but there is still room for improvement. You should continue enhancing your processes, monitoring capabilities, and incident response practices.

Level 4: Advanced
You have a strong cybersecurity posture and are well-prepared to address potential threats. However, you should remain proactive and stay abreast of emerging threats and technologies to maintain your advanced level of security.

Level 5: Leading
You have a comprehensive and mature approach to cybersecurity. You are a leader in cybersecurity best practices and continually innovate to stay ahead of evolving threats.

Dziękujemy za rejestrację!

Link do webinaru otrzymają Państwo mailowo dzień przed spotkaniem.

23 Marca 2023

10:00 via MS Teams

Tomasz Woźniak

Thank you!

To download our e-book „The best way to Outsource IT Staff” click button below