|Author||Gutwirth, Serge ♦ Wright, David ♦ De Hert, Paul|
|Source||ACM Digital Library|
|Publisher||Association for Computing Machinery (ACM)|
|Abstract||Three decades have passed since the Organisation for Economic Co-operation and Development (OECD) promulgated Guidelines on the Transborder Flows of Personal Data, and still the issue of transborder flows of personal data continues to plague policymakers, industry, and individuals who have no idea what happens to their data once that data is transmitted beyond their national jurisdictions. This article briefly reviews what happened in the 1970s, the factors that led to production of the guidelines, and some of the key points in them. We highlight the success of the guidelines, but also the shortcomings, and what is happening now to bridge the gap and ask whether an international binding convention or standard is needed. We conclude with a few modest suggestions for ensuring a new convention or standard has teeth. In the 1970s, the decade before the OECD Guidelines were promulgated, some countries had already begun to enact privacy laws applicable to the public and private sectors. The world's first data protection law was passed in the German Land of Hessen in 1970. In 1977, a Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG) followed. Sweden's Data Act of 1973 was the first comprehensive national act on privacy in the world. France's Data Protection Act, enacted in 1978 and amended in 2004, covers personal information held by government agencies and private entities. In the U.S., antecedents of the 1974 Privacy Act were the American Fair Credit Reporting Act of 1970 and a 1973 report of the Department of Health Education and Welfare (HEW) on fair information practices (FIP). In the seven-year stint between 1973 and 1980, one-third of the OECD's 30 Member countries enacted legislation intended to protect in dividuals against abuse of data related to them and to give individuals the right of access to data with a view to checking their accuracy and appropriateness. Some countries were enacting statutes that dealt exclusively with computers and computer-supported activities. Other countries preferred a more general approach irrespective of the particular data processing technology involved. The OECD became concerned that these disparities in legislation might "create obstacles to the free flow of information between countries." The OECD Council recognized that Member countries have a common interest in protecting privacy "and in reconciling fundamental but competing values such as privacy and the free flow of information." This persisting tension between data protection and the free flow of information is already obvious in the OECD Guidelines of 1980, which were intended to facilitate a harmonization of national legislation, without precluding the establishment of an international Convention at a later date. As it turned out, the Council of Europe (CoE), another international organization mainly concerned with the fostering of human rights and democracy in Europe, was working simultaneously in that direction---that of an international convention. As European countries began to adopt data protection laws, pressure grew for more uniformity of these laws. From a human rights perspective, the CoE began preparing an international convention on data protection that nevertheless also included provisions dealing with data processing abroad. Efforts were made to avoid unnecessary differences between the texts produced by the two organizations; thus, the set of basic principles of protection proposed by the OECD and the CoE are similar in many respects. On Sept. 17, 1980, the Committee of Ministers of the CoE adopted the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the first legally binding international instrument in data protection. The convention sought to establish basic principles of data protection, to reduce restrictions on transborder data flows on the basis of reciprocity, and to bring about cooperation between national data protection authorities (DPAs). Parties to the convention are required to apply the principles in their domestic legislation. Six days later, on Sept. 23, 1980, the OECD Council adopted its guidelines on transborder data flows. Although efforts were made to minimize the differences, some do occur nevertheless. The OECD Guidelines are not legally binding, whereas the CoE convention is binding on those countries that ratify it. The CoE convention only applies to personal data that are "automatically" processed, whereas the guidelines are valid for the processing of data in general, irrespective of the particular technology employed. The OECD Guidelines, unlike the CoE convention, do not mention the need to establish national data protection authorities, a crucial requirement in European data protection rules. But, all in all, the principles formulated are similar. The OECD Guidelines and the CoE convention both recognize the need to harmonize data protection standards. Like the CoE convention, the OECD Guidelines aimed to prevent interruptions in the international flow of data, but are not to be construed as a set of general privacy protection principles per se. The guidelines explicitly say that invasions of privacy by candid photography, physical maltreatment, or defamation are outside their scope.|
|Description||Affiliation: Trilateral Research & Consulting LLP, London, U.K. (Wright, David) || Vrije Universiteit Brussel (De Hert, Paul; Gutwirth, Serge)|
|Age Range||18 to 22 years ♦ above 22 year|
|Education Level||UG and PG|
|Learning Resource Type||Article|
|Publisher Place||New York|
|Journal||Communications of the ACM (CACM)|
Ministry of Human Resource Development (MHRD) under its National Mission on Education through Information and Communication Technology (NMEICT) has initiated the National Digital Library of India (NDLI) project to develop a framework of virtual repository of learning resources with a single-window search facility. Filtered and federated searching is employed to facilitate focused searching so that learners can find out the right resource with least effort and in minimum time. NDLI is designed to hold content of any language and provides interface support for leading vernacular languages, (currently Hindi, Bengali and several other languages are available). It is designed to provide support for all academic levels including researchers and life-long learners, all disciplines, all popular forms of access devices and differently-abled learners. It is being developed to help students to prepare for entrance and competitive examinations, to enable people to learn and prepare from best practices from all over the world and to facilitate researchers to perform inter-linked exploration from multiple sources. It is being developed at Indian Institute of Technology Kharagpur.
NDLI is a conglomeration of freely available or institutionally contributed or donated or publisher managed contents. Almost all these contents are hosted and accessed from respective sources. The responsibility for authenticity, relevance, completeness, accuracy, reliability and suitability of these contents rests with the respective organization and NDLI has no responsibility or liability for these. Every effort is made to keep the NDLI portal up and running smoothly unless there are some unavoidable technical issues.
Ministry of Human Resource Development (MHRD), through its National Mission on Education through Information and Communication Technology (NMEICT), has sponsored and funded the National Digital Library of India (NDLI) project.
For any issue or feedback, please write to email@example.com