A stricter regime for profiling07 June 2016
OECD Issues Revised Privacy Guidelines: Focus on Need for Interoperability
As explained by the OECD:
These new Guidelines constitute the first update of the original 1980 version that served as the first internationally agreed upon set of privacy principles.
Two themes run through the updated Guidelines. First is a focus on the practical implementation of privacy protection through an approach grounded in risk management. Second is the need for greater efforts to address the global dimension of privacy through improved interoperability. A number of new concepts are introduced, including:
• National privacy strategies. While effective laws are essential, the strategic importance of privacy today also requires a multifaceted national strategy co-ordinated at the highest levels of government.
• Privacy management programmes. These serve as the core operational mechanism through which organisations implement privacy protection.
• Data security breach notification. This provision covers both notice to an authority and notice to an individual affected by a security breach affecting personal data. (empahsis supplied)
The new Guidelines follow the work of a multi-stakeholder group of privacy professionals (in which Hogan Lovells' Christopher Wolf was a member). This group was chaired by Canada's Privacy Commissioner Jennifer Stoddart and Omer Tene, consultant to the OECD, served as rapporteur. On the basis of the work by the group, proposed revisions were developed by the OECD Working Party on Information Security and Privacy (WISP) and approved by the Committee for Information, Computer and Communications Policy (ICCP), before final adoption by the OECD Council.
The revised Guidelines come at a time when trade negotiators around the world are focusing on cross-border data flows and interoperability (e.g., in the talks over the Trans Pacific Partnership and the Transatlantic Trade and Investment Partnership) and the OECD's carefully considered thinking is expecting to have an impact on the trade talks.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016