[nc-whois] The OECD Privacy Guidelines As a Guide to the WHOIS Task Force's Privacy Issues Report
Dear Co-Members of the WHOIS Task Force:
We had an interesting brainstorming session on the privacy issues report
during today’s teleconference. Ken Stubbs talked about stratified
access; Thomas Roessler and Brian Faucet discussed the challenge of
complying with a number of local and international laws; Ram Mohan posed
questions about the intersection of privacy with accuracy, stability, and
security; Kristy McKee talked about a categorization of registrants; Abel
Wisman talked about accessibility issues; and Marilyn listed four topics:
different needs of different kinds of registrants, implications of
different European directives on gTLD WHOIS, the current availability of
anonymity services, and how ccTLDs are dealing with privacy, accuracy,
and with other related topics.
And as I discussed, the Organization for Economic Cooperation and
Development (OECD) Privacy Guidelines provide an already thought-out
solution to the questions and problems that were posed during today’s
teleconference.
To give you more information (as promised):
- On September 23, 1980, the Organization for Economic Cooperation and
Development, a group of leading industrial countries concerned with
global economic and democratic development, issued guidelines for privacy
protection in the transfer of personal information across national
borders. These are the Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data. The OECD Privacy Guidelines
outline an eight-fold path to privacy.
- First is the principle of collection limitation. This principle
states that there should be limits to the collection of personal data;
any such data collected should be obtained by lawful means and with the
consent of the data subject, where appropriate. Second is the
principle of data quality. This principle embodies the notion that
collected data should be relevant to a specific purpose, and be accurate,
complete, and up-to-date. Third is the principle of purpose
specification; that is, the purpose for collecting data should be settled
at the outset. The fourth principle, use limitation, works in
tandem with the third. It states that the use of personal data
ought be limited to specified purposes, and that data acquired for one
purpose ought not be used for others. The fifth principle is
security: data must be collected and stored in a way reasonably
calculated to prevent its loss, theft, or modification. The sixth
principle is openness. There should be a general position of
transparency with respect to the practices of handling data. The
seventh principle is individual participation: individuals should
have the right to access, confirm, and demand correction of their
personal data. The eighth and last principle is
accountability. Those in charge of handling data should be
responsible for complying with the principles of the privacy
guidelines.... [see Marc Rotenberg, The Privacy Law Sourcebook:
United States Law, International Law, and Recent Developments 324-52
(EPIC 2002) (“OECD Privacy Guidelines”)]
For another perspective:
- The OECD Guidelines on the Protection of Privacy and Transborder
Flows of Personal Data, adopted on 23 September 1980, continue to
represent international consensus on general guidance concerning the
collection and management of personal information. By setting out core
principles, the Guidelines play a major role in assisting governments,
business and consumer representatives in their efforts to protect privacy
and personal data, and in obviating unnecessary restrictions to
transborder data flows, both on and off line. The reflection of
twenty-one years of expertise and experience shared among representatives
of OECD governments, business and industry, and civil society, this
publication contains the instruments that serve as the foundation for
privacy protection at the global level…. [see
http://www.oecd.org/EN/home/0,,EN-home-0-nodirectorate-no-no-no-0,FF.html
and do a search for “OECD Privacy Guidelines”]
Note that the OECD Privacy Guidelines reflect an international
consensus on privacy, and include guidelines on accuracy, data use
limitation, and security. Therefore, the WHOIS Task Force should
carefully read and understand the OECD Privacy Guidelines before engaging
in a meaningful discussion on privacy.
I am happy to lead such a discussion in our Privacy Issues Report.
Please let me know if I can supply further information.
Sincerely,
Ruchika Agrawal
WHOIS Task Force Member
Non-Commercial Constituency