CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

An update on international data privacy protection

admin by admin
December 23, 2022
in Information Security


There are seven common principles that were adopted, all in the interest of serving to the free flow of data across country borders and promoting trust between citizens and their governments.

The 38 member countries of the Organization for Economic Cooperation and Development (OECD) have recently adopted a new international agreement regulating government access to its citizens’ private data. The OECD draws on its membership from countries on several continents, including the US, Israel, Japan, Chile, the Czech Republic, and the UK. The document was released with the rather ungainly title of the “Declaration on Government Access to Personal Data Held by Private Sector Entities.”

The agreement specifically prevents personal data access that is “unconstrained, unreasonable, arbitrary or disproportionate access by members” and has specific references and controls for cross-border access. Amazingly, it has been more than 40 years since the previous OECD data privacy recommendations. This agreement attempts to clarify things and define a common policy framework, especially on what a government says is allowable and what it actually does in practice. 

“Being able to transfer data across borders is fundamental in this digital era for everything from social media use to international trade and cooperation on global health issues. Yet, without common principles and safeguards, the sharing of personal data across jurisdictions raises privacy concerns, particularly in sensitive areas like national security,” said OECD Secretary-General Mathias Cormann.

There are seven common principles that were adopted, all in the interest of serving to the free flow of data across country borders and promoting trust between citizens and their governments:

  1. A binding legal agreement from each member state will serve as the basic building block for cross-border data access.

  2. Access to private information is limited to existing laws and regulations. More importantly, data cannot be obtained for suppressing dissent or specifically targeting individuals.

  3. Human rights requirements are embedded into the data access processes and there are clearly defined emergency exceptions. 

  4. Data can only be accessed by authorized personnel with appropriate privacy measures put in place. 

  5. The legal framework of each member state will be transparent to the public. 

  6. Part of this transparency means that various oversight bodies and other reporting mechanisms will be able to review and conduct investigations when appropriate. 

  7. Violations will have specified judicial and non-judicial remedies and to compensate people for damages. This last point is significant: recent news stories have documented the differences between the EU and US privacy laws and show there is still plenty of room for improvement here. The yet-to-be-finalized EU-US Data Privacy Framework (which was announced in March by President Biden) is one example of where common ground is needed, for example.  

One issue is that the agreement isn’t legally binding. How the member states will resolve their differences and limit government surveillance isn’t clear, but at least this is a good start. 

Another issue is that members of the various member states’ intelligence agencies were not a party to any of these discussions, which is where potential surveillance abuses have occurred in the past (thank Edward Snowden) and could originate in the future. Finally, the OECD’s own Civil Society Information Society Advisory Council issued this somewhat frosty letter complaining that the agreement didn’t go far enough and that the council was shut out of most of the discussions leading up to its adoption.


Further reading:
A 2022 update on data privacy legislation
Should we require governments to share their data with the public by default?





Source link

Previous Post

Innerauthenticity ~ Future of CIO

Next Post

2022 PiTuKri ISAE 3000 Type II attestation report available with 154 services in scope

Related Posts

Information Security

New Android Banking Trojan Targeting Brazilian Financial Institutions

by admin
February 4, 2023
Information Security

Fall 2022 PCI DSS report available with six services added to compliance scope

by admin
February 4, 2023
Information Security

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

by admin
February 3, 2023
Information Security

How to improve security incident investigations using Amazon Detective finding groups

by admin
February 3, 2023
Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Next Post

2022 PiTuKri ISAE 3000 Type II attestation report available with 154 services in scope

Recommended

Initiativesofreinvention

February 4, 2023

New Android Banking Trojan Targeting Brazilian Financial Institutions

February 4, 2023

Fall 2022 PCI DSS report available with six services added to compliance scope

February 4, 2023

Initiativesofnonlinearity ~ Future of CIO

February 3, 2023

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

February 3, 2023

How to improve security incident investigations using Amazon Detective finding groups

February 3, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.