THE GOVERNMENTS OF OECD MEMBER COUNTRIES1 AT THE CONFERENCE "A BORDERLESS WORLD: REALISING THE POTENTIAL OF GLOBAL ELECTRONIC COMMERCE," OTTAWA, CANADA,
CONSIDERING that the development and diffusion of digital computer and network technologies on a global scale offer social and economic benefits by encouraging information exchange, increasing consumer choice, and fostering market expansion and product innovation;
CONSIDERING that global network technologies facilitate the expansion of electronic commerce, and accelerate the growth of transborder electronic communications and transactions among governments, businesses, and users and consumers;
CONSIDERING that personal data should be collected and handled with due respect for privacy;
CONSIDERING that digital computer and network technologies enhance traditional methods for processing personal data, increase the ability to collect, gather and link large quantities of data, and to produce augmented information and consumer profiles;
CONSIDERING that digital computer and network technologies can also be used to educate users and consumers about online privacy issues and to assist them to maintain their anonymity in appropriate circumstances or to exercise choice with respect to the uses made of personal data;
CONSIDERING that in order to increase confidence in global networks, users and consumers need assurances about the fair collection and handling of their personal data, including data about their online activities and transactions;
CONSIDERING that it is necessary to ensure the effective and widespread protection of privacy by businesses which collect or handle personal data in order to increase user and consumer confidence in global networks;
CONSIDERING that transparent rules and regulations governing the protection of privacy and personal data and their effective implementation on information networks are key elements to increasing confidence in global networks;
CONSIDERING that different effective approaches to privacy protection developed by Member countries, including the adoption and implementation of laws or industry self-regulation, can work together to achieve effective privacy protection on global networks;
CONSIDERING the need for global co-operation and the necessity of industry and business taking a key role, in co-operation with consumers and governments, to provide effective implementation of privacy principles on global networks;
CONSIDERING that the technology-neutral principles of the 1980 OECD Privacy Guidelines continue to represent international consensus and guidance concerning the collection and handling of personal data in any medium, and provide a foundation for privacy protection on global networks;
REAFFIRM the objectives set forth in:
· The Recommendation concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, adopted by the Council of the OECD on 23 September 1980 (OECD Privacy Guidelines);
· The Declaration on Transborder Data Flows, adopted by the Governments of OECD Member countries on 11 April 1985; and
· The Recommendation concerning Guidelines for Cryptography Policy, adopted by the Council of the OECD on 27 March 1997.
DECLARE THAT:
· They will reaffirm their commitment to the protection of privacy on global networks in order to ensure the respect of important rights, build confidence in global networks, and to prevent unnecessary restrictions on transborder flows of personal data;
· They will work to build bridges between the different approaches adopted by Member countries to ensure privacy protection on global networks based on the OECD Guidelines;
· They will take the necessary steps, within the framework of their respective laws and practices, to ensure that the OECD Privacy Guidelines are effectively implemented in relation to global networks, and in particular:
· Encourage the adoption of privacy policies, whether implemented by legal, self-regulatory, administrative or technological means;
· Encourage the online notification of privacy policies to users;
· Ensure that effective enforcement mechanisms are available both to address non-compliance with privacy principles and policies and to ensure access to redress;
· Promote user education and awareness about online privacy issues and the means at their disposal for protecting privacy on global networks;
· Encourage the use of privacy-enhancing technologies; and
· Encourage the use of contractual solutions and the development of model contractual solutions for online transborder data flows;
They agree to review progress made in furtherance of the objectives of this Declaration within a period of two years, and to assess the need for further action to ensure the protection of personal data on global networks in pursuit of these objectives.
FURTHER DECLARE THAT THE OECD SHOULD:
· Support Member countries in exchanging information about effective methods to protect privacy on global networks, and to report on their efforts and experience in achieving the objectives of this Declaration;
· Examine specific issues raised by the implementation of the OECD Privacy Guidelines in relation to global networks and, after collection and distribution of examples of experiences on implementation of the Guidelines, provide practical guidance to Member countries on the implementation of the Guidelines in online environments, taking into account the different approaches to privacy protection adopted by Member countries and drawing on the experiences of Member countries and the private sector;
· Co-operate with industry and business as they work to provide privacy protection on global networks, as well as with relevant regional and international organisations;
· Periodically review the main developments and issues in the field of privacy protection with respect to the objectives of this Declaration;
· Take into account, inter alia, in its future work, the issues and suggested activities discussed in the Background Report accompanying this Declaration.
INVITE:
· Non-member countries to take account of this Declaration;
· Relevant international organisations to take this Declaration into consideration as they develop or revise international conventions, guidelines, codes of practice, model contractual clauses, technologies and interoperable platforms for protection of privacy on global networks;
· Industry and business to take account of the objectives of this Declaration and to work with governments to further them by implementing programmes for the protection of privacy on global networks.