G L O B A L I N T E R N E T P O L I C Y I N I T I A T I V E
|About GIPI||Best Practices||Policy Principles||Funding||Staff & Offices||News|
i s s u e a r e a s
|The International Legal Framework for Data Protection and Its Transposition to Developing and Transitional Countries (Dec. 2004) - Short paper summarizing the major international documents on data protection, with general observations for their transposition to developing and transitional countries.|
Privacy protection is a critical element of consumer and user trust in the online environment and a necessary condition for the development of electronic commerce. Three international organizations have developed guidelines or rules that set forth basic consumer privacy protections:
Organisation for Economic Co-operation and Development -- Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Privacy Guidelines) (1980) http://www.oecd.org/EN/document/0,,EN-document-0-nodirectorate-no-24-10255-0,00.html
Council of Europe -- Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (1981) http://conventions.coe.int/treaty/EN/cadreprincipal.htm
Articles 4 - 10 set out the basic principles for data protection.
Internet Privacy Guidelines (23 February 1999) -- practical, non-binding advice for Internet users and service providers http://www.coe.fr/dataprotection/rec/elignes.htm
A good overview of the privacy rules and recommendations issued by the Council of Europe http://www.coe.fr/dataprotection/eintro.htm
European Union -- Data Protection Directive (1995) http://europa.eu.int/comm/internal_market/privacy/law_en.htm
Articles 5 - 17 spell out in somewhat more detail the basic privacy principles.
|Privacy and E-Government (May 2003) - report by CDT to the United Nations Department of Economic and Social Affairs as background for the World Public Sector Report on E-Government. Surveys privacy trends internationally with a focus on data in the hands of government. Describes "best practices," including privacy officers, privacy impact assessments, privacy enhancing technologies and privacy audits.|
There are two aspects to the concept of privacy:
Internet law needs to address both sets of issues.
Consumer privacy protection in the US and Europe, as well as under the guidelines of the OECD, is based on the following principles:
In Europe, data collection cannot proceed unless data subject has unambiguously given his consent (with exceptions).
The right to privacy is internationally recognized as a human right. However, most governments claim the authority to invade privacy through the following means:
These means of access to communications and stored data must be narrowly defined and subject to independent controls under strict standards. Real-time interception of communications should take place only with prior approval by a judge, issued under standards at least as strict as those for policy searches of private homes.