WorldLII Home | Databases | WorldLII | Search | Feedback

Privacy Laws and Business International Report

You are here:  WorldLII >> Databases >> Privacy Laws and Business International Report >> 1999 >> [1999] PLBIRp 39

Database Search | Name Search | Recent Articles | Noteup | LawCite | Download | Help

OECD launches privacy policy generator for testing [1999] PLBIRp 39; (1999) 50 Privacy Laws and Business International Report 5

OECD launches privacy policy generator for testing

THE OECD'S PRIVACY POLICY GENERATOR will help organisations to develop website privacy policy statements. Based on the OECD Privacy Guidelines, the generator is available now for public testing.

The Organisation for Economic Cooperation and Development (OECD) has adopted a pragmatic approach to privacy issues. Part of its work on the privacy scene includes designing a questionnaire to help organisations to create privacy policies, which will be based on the organisations' answers about their data protection practices. An initial version of a privacy policy generator was made public at the end of August. It is hoped that adopting privacy policies will become commonplace, and therefore create consumer trust in electronic commerce.

There are already other privacy wizards or generators available. For example, Microsoft and the Electronic Frontiers Foundation launched their wizard in April (PL&B July '99 p.9). The OECD privacy policy generator differs from other models, however, because it clearly builds on the OECD Guidelines of 1980, also taking into account the EU Data Protection Directive, Council of Europe Convention 108, self-regulatory initiatives and US private sector initiatives.

THE GENERATOR INCLUDES AN EDUCATIONAL FUNCTION

The questionnaire provides guidance on what is consistent with the Guidelines. If an organisation gives an answer that is in breach of the Guidelines, the privacy policy generator alerts the user. The generator also includes references to the Directive and Convention 108 to allow those organisations which need to comply with these legal instruments, to take all these aspects into account.

While the aim of the wizard is to advise organisations on how to draft privacy policies that follow the OECD Privacy Guidelines, websites that post a statement created with the help of the wizard will not be labelled compliant with the Guidelines.

END OF OCTOBER DEADLINE FOR COMMENTS

The privacy policy generator has been developed in co-operation with industry, privacy experts and consumer groups. It can now be tested online by the public until the end of October. It will then be removed from the OECD website for a further review taking into account comments received from the public.

Once finalised, the generator will be available for anyone to use free of charge. However, the OECD requests organisations using the generator to make a link to the OECD pages where the generator and the supporting information can be found.

INTERNAL REVIEW FIRST

The OECD recommends that organisations conduct an internal review to establish current privacy practices before attempting to create a privacy policy. Companies that already display privacy policies on their websites could benefit from reviewing their data protection policies, and indeed, the text of any existing privacy policies. The OECD privacy policy website provides information on how to conduct an internal review, as well as what is required by the OECD Privacy Guidelines.

Accuracy and compliance are two most important aspects of a privacy policy according to the OECD. It is also important to realise that the pre-formatted statements created with the help of the generator need to be customised by the organisations themselves. The current plan is that the statements will provide basic information about the organisation, contact details for sending enquiries about the policy, description of the organisation's data processing, use of cookies, individual access and security.

Other features would be a description of the organisation's policy on sending promotional or marketing information, the possibility to opt-in/opt-out, and compliance with national or international laws and treaties / selfregulatory instruments.

The OECD Privacy Policy Generator is available for public testing until the end of October at http://www.oecd.org/dsti/sti. Comments and suggestions on the generator can be sent by e-mail to privacy.iccp@oecd.org


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/1999/39.html