Policy Frameworks for Trust in the Internet economy: Updating OECD Guidelines on Privacy and Security.

23 October 2013 - A Open Forum on Security in Bali, Indonesia


The OECD has specialised in developing policy recommendations, i.e. norms that become standards without being legally binding. This approach has proven effective in facilitating dynamic development, future innovation and in including different stakeholder groups. The objective of this Open Forum is to present and discuss work to update two key OECD recommendations, namely: • The OECD Guidelines Governing Privacy and Transborder Flows of Personal Data (Privacy Guidelines) • The OECD Guidelines for the Security of Information Systems and Networks (Security Guidelines) In 1980 the OECD Council adopted Privacy Guidelines, the first internationally-agreed privacy principles. Astutely framed in concise, technology-neutral language, they have proven remarkably adaptable to technological and societal changes and influenced legislation and policy around the world. Nevertheless, changes in personal data usage, as well as new approaches to privacy protection, have left the 1980 Guidelines in need of updating in a number of respects. Key elements of the update will be discussed, along with their relevance for international developments in privacy protection. The Security Guidelines address security as an enabler for Information Technologies (IT) and the Internet to foster economic prosperity and social development. Their adoption in 2002 marked a switch from a “risk avoidance” model for the security of previously isolated and siloed information systems, to a risk assessment and management approach which enables to harness the economic and social benefits of an open and interconnected IT environment. Ten years later, the context has considerably evolved and the OECD has launched a broad multistakeholder consultation including OECD members and non-members to review the Guidelines. Key themes being explored in the review will be discussed and input sought. The desired outcome of this Open Forum is a discussion of the review and implementation of these OECD policy frameworks in a setting that is (1) is multi-stakeholder (2) global, taking particular account of the priorities and concerns of emerging and developing countries. Background material: • Information about Privacy Guidelines and their review: http://www.oecd.org/sti/privacyreview • Information about the Security Guidelines and their review: http://oe.cd/security-guidelines-review