Wednesday, January 19, 2022

Privacy experts split on changing OECD guidelines

A fight may be shaping up between experts who want to loosen recommended government privacy guidelines for developed countries and those who fear changes will lead to greater privacy infractions by government and enterprises.

The split emerged earlier this month when a report was released by three privacy experts — Ann Cavoukian, Ontario’s information and privacy commissioner; Khaled El Emam,  Canada research chair in electronic health information at the University of Ottawa and Alexander Dix, commissioner for data protection for the German state of Berlin.

They  complained about what they see is a proposal to diminish certain principles set out in guidelines by the OECD (Organization for Economic Co-operation and Development).

That proposal came from a trio asked to look into whether the 1980 OECD guidelines for data protection – called Fair Information Practice Principles (FIPPs)– should be changed.  That report, written by Fred Cate, an Indiana University law professor; Peter Cullen, Microsoft Corp.’s general manger of trustworthy computing; and Viktor Mayer-Schonberger, professor of Internet governance at Oxford, recommended the guidelines shift responsibility for personal data protection away from individuals, and have governments and organizations be more transparent on how personal data will be used.

Among their recommendations is to “restore the balance between privacy and the free flow of information that was the original goal of the OECD Guidelines, and avoid suppressing innovation with overly restrictive or inflexible data privacy laws.”

“Encouraging the weighing of harms, benefits, and measures to mitigate harm means that unique circumstances should be given consideration,” Cate report says in part. “In addition, the principles address data collection by government entities separately and require “clear and understandable notice” when personal data “affecting the employment, health care, financial products or services, or legally protected rights of an individual” is involved.

It also says data users should be made more accountable for the personal data they access, store, and use, and held liable when harm to data subjects occurs.

However, the Cavoukian group calls the proposals “alarming.”

“We believe the proposal reflects a paternalistic approach to data protection that, if implemented, will likely weaken rather than strengthen privacy in the 21st century,” they say. “Leaving it up to companies and governments to determine the acceptable secondary uses of personal data is a flawed proposition that will no doubt lead to greater privacy infractions.”

“In light of Edward Snowden’s revelations of widespread mass surveillance by the state, and with governments also gaining access to large databases in the private sector (as well as the historical record of state abuses), we question the desirability of lowering the standards of privacy and data protection.”

The OECD is a association of 34 governments (including Canada, the U.S., Australia, Japan, and Israel)  that studies economic issues and makes non-binding recommendations to foster prosperity.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

After being all-digital last year, the Consumer Electronics Show is back in Las Vegas for 2022. Find all the latest news and announcements from the showroom floor at CES 2022.

Related Tech News