Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

OECD applies Privacy Guidelines to electronic commerce [1998] PLBIRp 36; (1998) 46 Privacy Laws and Business International Report 9

OECD committed to network privacy

THE OECD COUNTRIES are committed to protecting privacy on global networks. A Ministerial Declaration from a conference, held in Ottawa, Canada in October, promises to ensure that the OECD Privacy Guidelines of 1980 are effectively implemented.

While it was clear that the OECD guidelines provide fundamental privacy principles which still apply, further study was needed on how to implement them in an online envi- ronment. The Ottawa Conference addressed this issue, and provided an overview of other privacy initiatives on electronic commerce.

Ministers or their representatives from all 29 member countries of the Organisation for Economic Co-oper- ation and Development (OECD) met in Ottawa, Canada 7-9th October at an electronic commerce conference entitled A Borderless World: Realising the Potential of Global Electronic Commerce.

The delegates, numbering almost one thousand, represented business, consumer, labour and public interest groups, and international organisa- tions. They included the World Trade Organisation, the European Union and the Inter-national Chamber of Commerce. In addition, twelve non-OECD countries attended as observers.

The conference built on the dis- cussions that took place last year at an OECD business conference in Turku, Finland (PL&B Feb ‘98 pp.14-16), and at a further workshop in February this year (PL&B May ‘98 p.21). Previous discussions had result- ed in a consensus that public confidence in privacy protection is a key issue for electronic commerce, and that private sector participation is needed. Now it was time to look at these issues in detail.

PRIVACY HIGH ON THE AGENDA The conference discussed four main themes:

1. Privacy and consumer protection,

2. Barriers to electronic commerce

3. Information infrastructure and

4. Social and economic impacts of electronic commerce.

Parallel to the ministers’ closed meeting, business, labour and con- sumer organisations held their own meetings. The ministerial meeting hosted by the Canadian Government, was chaired by John Manley, Minister of Industry. He noted the fast devel- opment in electronic commerce. In July 1997, when the OECD decided to organise the conference, electronic commerce issues were not a high pri- ority for decision makers. However, now the World Trade Organisation

(WTO) predicts that the volume of electronic commerce could rise to US

$300 billion by the year 2000.

Privacy issues were prominent on the agendas of all three groups, and speakers included Donald Johnston, Secretary General of the OECD, William Daley, US Secretary of State, Christine Varney, former Commissioner at the US Federal Trade Commission, Moira Scollay, Australian Privacy Commissioner and Marc Rotenberg, Director of the Electronic Privacy Information Center, USA.

MINISTERS COMMIT TO IMPLEMENT PRIVACY GUIDELINES

As expected, the OECD ministers adopted a declaration on the Protection of Privacy on Global Networks. The declaration reaffirms their commitment to protect personal data on global networks, including the Internet. The declara- tion does not relate solely to electronic commerce, but extends to the wider issue of the protection of individuals’ privacy in a networked environment. It highlights the means by which network technologies can be used to collect and link large quantities of data, and warns about the possibility of creating consumer profiles.

Ministers stressed that the OECD Privacy Guidelines provide the basis for privacy protection on networks, and that the different approaches to privacy protection adopted by the OECD member states can work together. They promised to take the necessary steps to ensure that the OECD Privacy Guidelines are effec- tively implemented. They also encouraged the adoption of privacy policies and informing consumers about them online.

IMPLEMENTING ONLINE PRIVACY The member states plan to examine specific issues that could arise during the implementation of the Guidelines in relation to global networks. Work is already being done by the OECD Group of Experts on Information Security and Privacy. The group aims to carry out an inventory of laws, self-regulation, contracts and technol- ogy to identify the additional

instruments which are needed.

The group’s approved programme of work for 1999-2000 also aims to facilitate the exchange of information by, for example, developing a ques- tionnaire to seek information from

edged the leading role of business in stimulating the growth in electronic commerce. However, business and governments need to work together to build consumer confidence in elec- tronic commerce.

Convention 108, and activities by the European Free Trade Association (EFTA) countries to adapt their exist- ing data protection laws to the EU Data Protection Directive.

member states about how privacy principles are formulated with regard

DECLARATION ON AUTHENTICATION ADOPTED

to global networks. Once the infor- mation has been collected, the group aims to provide practical guidance on how to implement the OECD princi- ples in an online environment.

THE ROLE OF CONTRACTS AND DATA PROTECTION AUTHORITIES

Ministers also agreed not to place any unnecessary restrictions on transbor- der flows of personal data. Contractual solutions may be used to facilitate data flows. A background report to the declaration clarifies how contracts could be successfully used, with particular attention to how redress and enforcement could be satisfactorily arranged. It suggests that Data Protection Authorities could perform proactive audits, inves- tigate complaints and take the necessary enforcement action. A pro- posal on how to penalise an organisation for violating its privacy statement on the Internet, put forward the idea of using general con- tract law for breach of a contract.

BUSINESS WANTS TO TAKE THE LEAD

The ministerial declaration on privacy recognises the role that industry and business have in ensuring that the OECD principles will be implement- ed. A coalition of international businesses put forward their own action plan for electronic commerce at the conference. It recommended that electronic commerce should be primarily led by the private sector, and that governments should recog- nise this. Business will continue to develop self-regulatory tools: tech- nologies, voluntary codes and contracts. Work is also being done to promote the legal acceptability of electronic signatures nationally and internationally.

A coalition of international businesses put forward their own action plan for electronic commerce.

WORLDWIDE ACTIVITIES IN ELECTRONIC COMMERCE

The OECD secretariat published a report on the work that has been done, and is being planned on elec- tronic commerce issues by international and regional bodies. A number of initiatives have already been taken on privacy:

1. The International Labour Organisation adopted a code on pro- tecting employees’ privacy in 1996

(PL&B July ‘98, pp.11-12), and is now promoting the code.

2. The International Standards Organisation has had various projects on privacy, for example a proposal by the Consumer Policy Advisory Committee to develop an internation- al standard on privacy. If the proposal progresses, future work may include the development of IT related aspects of such a standard.

3. The International Telecommuni- cations Union has developed standards on privacy techniques for multimedia terminals. In the future, the union is likely to develop further standards for electronic commerce issues, including privacy.

4. The WTO’s forthcoming work programme is also likely to include privacy issues.

On the regional, European level, we have the EU Data Protection Directive, the Council of Europe

Also discussed at the conference was the need for electronic authentication, to achieve secure electronic commerce using methods such as electronic signatures and encryption. The ministers adopted a declaration on Authentication for Electronic Commerce. It states that OECD member states are determined to take a non-discriminatory approach to authentication methods from other countries. They also aim to continue to work, together with business and industry, on an international level, and to organise a private sector work- shop next year.

Information about the OECD Ministerial Conference can be found on the OECD’s website at

http://www.oecd.org