The agreement formally recognizes that OECD countries uphold common standards and safeguards.
The Organization for Economic Cooperation and Development (OECD) has released a new international agreement that it says will assist in protecting user privacy when data is accessed for national security and law enforcement reasons.
The goal of the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities is to explain how security and police agencies in member countries can use the laws that are already in place to get access to personal data.
Its goal is to build trust in cross-border data transfers, which are important for the growth of the global economy.
“Being able to transfer data across borders is fundamental in this digital era for everything from social media use to international trade and cooperation on global health issues. Yet, without common principles and safeguards, the sharing of personal data across jurisdictions raises privacy concerns, particularly in sensitive areas like national security,” said OECD secretary-general Mathias Cormann.
“Today’s landmark agreement formally recognizes that OECD countries uphold common standards and safeguards. It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.”
Which countries are affected?
All 38 OECD nations – including the United States and the United Kingdom, as well as the European Union – signed the declaration, and it is open to others to join.
It is the result of two years of study by the OECD, and it adds to the group’s most important set of rules, the OECD Privacy Guidelines, which came out in 1980.
However, it’s uncertain if it will help smooth up the EU-US relationship over cross-border data flows. European judges have turned down agreements between the two in the past because they were worried that EU residents’ privacy could not be protected with so much US government monitoring.
The statement talks about seven principles: legal foundation, legitimate goals, approvals, data processing, openness, supervision, and remedy.
Is it enough?
Cloudica CEO Adam Kotecki said he has “mixed feelings” after reading the declaration. “On the one hand, I understand and support attempts to regulate the subject of personal data. The declaration speaks of ‘legitimate government access on the basis of common values’ and points to seven key principles that OECD countries should follow. However, the rules described in the document are ‘soft’ and I have doubts whether they will actually contribute to the safe and effective use of personal data by Member States,” Kotecki said.
“However, it is probably only a declaration of willingness and a tiny contribution to the establishment of practical rules. Apparently, there was no consensus for more rigorous rules in today’s political conditions.”