OECD agrees on rules to safeguard privacy when data is being shared

14 Dec 2022

Image: © Aoodstocker/Stock.adobe.com

OECD countries are aiming to improve trust in cross-border data flows, while Ireland looks to boost transparency in the sharing of public information.

Just a day after the EU announced it had begun the formal process to approve safe data transfers with the US, two other separate measures relating to data and privacy have been implemented.

The 38 countries of the Organisation for Economic Cooperation and Development (OECD) have agreed on a common approach to the safeguarding of privacy and other human rights and freedoms when accessing personal data for national security and law enforcement purposes.

The EU has signed up to adopt this declaration, which is also open for adherence by other countries.

The OECD declaration seeks to improve trust in cross-border data flows by clarifying how national security and law enforcement agencies can access personal data under existing legal frameworks.

“Being able to transfer data across borders is fundamental in this digital era for everything from social media use to international trade and cooperation on global health issues,” said OECD secretary-general Mathias Cormann.

“Yet, without common principles and safeguards, the sharing of personal data across jurisdictions raises privacy concerns, particularly in sensitive areas like national security.”

Cormann added that this “landmark agreement” formally recognises that OECD countries uphold common standards and safeguards.

“It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.”

The OECD said the declaration rejects any approach to government access to personal data inconsistent with democratic values and the rule of law. It is designed to complement the OECD’s privacy guidelines document, which has not been updated since 2013.

That document does allow for some for exceptions in the case of national security and for law enforcement purposes. The new declaration aims to articulate a set of shared principles that reflect commonalities drawn from OECD members’ existing laws and practices around privacy and human rights.

It is the result of two years of work by the OECD with a group of professionals in data protection, national security and law enforcement.

Meanwhile, the Irish Government announced the completion of the first data sharing agreements under the Data Sharing and Governance Act 2019. These are an attempt to bring full transparency to the sharing of public information across the public service in Ireland.

The OECD has praised Ireland’s approach, saying it is one of the most “forward thinking” members when it comes to the transparency of data usage.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Blathnaid O’Dea is Careers reporter at Silicon Republic

editorial@siliconrepublic.com