HAVING REGARD to Article 5 b) of the Convention on the Organisation for Economic Co-operation and Development of 14 December 1960;
HAVING REGARD to Rule 18 b) of the Rules of Procedure;
HAVING REGARD to the Declaration on Authentication for Electronic Commerce [C(98)177];
HAVING REGARD to the Recommendation of the Council Concerning Guidelines for the Security of Information Systems and Networks - Towards a Culture of Security [C(2002)131/FINAL] hereinafter the "Guidelines for the Security of Information Systems and Networks";
HAVING REGARD to the Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data [C(80)58/FINAL];
RECOGNISING that trust is a key condition for many online transactions to take place, and that, within a broader system of measures and strategies, electronic authentication of persons and entities plays an important role in this respect;
RECOGNISING that electronic authentication, which is an essential component of the verification and management of identities online, provides a level of assurance as to whether the other party is who or what it claims to be; and thereby reduces the uncertainty inherent in domestic and cross-border electronic interactions and transactions;
RECOGNISING that effective electronic authentication helps to strengthen systems and network security, as well as privacy by reducing risks such as unauthorised access to personal data, identity theft and data breaches, and by providing additional means of accountability;
RECOGNISING that electronic authentication is an important element in the continued development of governmental and other social and individual activities online, enables the creation of new business opportunities, contributes to the development of electronic commerce, and is a key component of a viable and sustainable Internet;
RECOGNISING finally, that this Recommendation addresses electronic authentication of persons and entities, but does not address other aspects of electronic authentication, such as legal assurance of validity of documents or electronic signatures;
On the proposal of the Committee for Information, Computer and Communications Policy:
RECOMMENDS that Member countries:
· Work towards establishing technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities, consistent with the OECD Guidelines for the Security of Information Systems and Networks and the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data;
· Foster the development, provision and use of electronic authentication products and services that embody sound business practices, including technical and non technical safeguards to meet the participants' needs, in particular with respect to security and privacy of their information and identity;
· In both the private and public sectors, encourage business and legal compatibility and technical interoperability of authentication schemas, to facilitate cross-sectoral and cross-jurisdictional online interactions and transactions and to ensure that authentication products and services can be deployed at both national and international levels;
· Take steps to raise the awareness of all participants, including those in non-member economies, on the benefits of the use of electronic authentication at national and international levels.
RECALLS the Guidance on Electronic Authentication [DSTI/ICCP/REG(2006)3/REV3] which may assist Member countries in developing effective and compatible approaches to electronic authentication, both at the national and international levels.
INVITES non-member economies to take account of this Recommendation.
INSTRUCTS the Committee for Information, Computer and Communications Policy to monitor developments connected with electronic authentication in OECD Member countries and other international forums, and review this Recommendation within three years of its adoption and thereafter as appropriate.