The global economy is undergoing a digital transformation as well, and it is happening at breakneck speed. How are advanced economies to make sense of the pace of change and strike the right balance between data flows and privacy? And to what extent does there need to be a common framework? The Organisation for Economic Co-operation and Development (OECD) has published a declaration based on new principles for national adoption.
OECD countries have adopted the first intergovernmental agreement on common approaches to safeguarding privacy and other human rights and freedoms when accessing personal data for national security and law enforcement purposes.
This is the ‘OECD Declaration on Government Access to Personal Data Held by Private Sector Entities’ and the framework seeks to improve trust in cross-border data flows (something central to the digital transformation of the global economy). This is to be achieved by clarifying how national security and law enforcement agencies can access personal data under existing legal frameworks.
The new guidance marks a renewed political commitment by the 38 OECD countries. The agreement was developed at OECD’s 2022 Digital Economy Ministerial Meeting. The Declaration is open for adherence by other countries.
The guideline connects with an earlier recommendation that seeks to create a definition for data localisation and which outlines a roadmap to ensure that data localisation does not impede transborder data flows.
Commenting on the guidance, OECD Secretary-General Mathias Cormann states: “Being able to transfer data across borders is fundamental in this digital era for everything from social media use to international trade and cooperation on global health issues.”
Cormann adds: “Yet, without common principles and safeguards, the sharing of personal data across jurisdictions raises privacy concerns, particularly in sensitive areas like national security…It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.”
The Declaration rejects any approach to government access to personal data inconsistent with democratic values and the rule of law.
The project stemmed from growing concerns that the absence of common principles in the sensitive domains of law enforcement and national security could lead to undue restrictions on data flows. Central to the guidance are principles that set out how legal frameworks regulate government access.
The standards applied when access is sought; how access is approved, and how the resulting data is handled, are set out with the aim of providing a process for the member nations to adopt.
