What is LawBrain?
It's a living legal community making laws accessible and interactive. Click Here to get Started »

International Privacy Law

From lawbrain.com

International privacy law is concerned with the protection and preservation of the privacy rights of its citizens, especially when exchanging citizen data with other countries.

  • This LawBrain entry is a stub. Please help us expand it! Click the 'Edit' tab above to add to this page.

Contents

Overview

The development of international privacy laws (non-U.S.) have primarily been based on the Organisation for Economic Co-Operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data[1]. These guidelines are based on fair information practices.The OECD information privacy principles[2] include:

  • Principle 1: Collection Limitation
  • Principle 2: Data Quality
  • Principle 3: Purpose Specification
  • Principle 4: Use Limitation
  • Principle 5: Security Safeguards
  • Principle 6: Openness
  • Principle 7: Individual Participation
  • Principle 8: Accountability

European Union

The EU privacy laws are quite extensive. Not only is there the overarching directives created by the European Union (EU), each country that is part of the EU must have its own individual laws that follow the directive requirements.

The EU privacy directives are based on the OECD privacy guidelines.

Non-EU European Countries

European privacy laws are also established by countries not affiliated with the European Union (EU). Even though these countries are not part of the EU, they may be affiliated with the Organisation for Economic Co-Operation and Development (OECD).  Some of these countries therefore follow the OECD's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.[3]

Canada

Canadian privacy laws are similar to the EU in that there is an overarching law. So far, only British Columbia, Alberta, Quebec and Ontario have adopted privacy laws that are similar to the federal privacy law.

The fair information practices adopted by the OECD were the basis for the Canadian Standards Association's CSA's Model Code for the Protection of Personal Information[4]. The CSA information privacy principles include:

  • Principle 1: Accountability
  • Principle 2: Identifying Purposes
  • Principle 3: Consent
  • Principle 4: Limiting Collection
  • Principle 5: Limiting Use, Disclosure, and Retention
  • Principle 6: Accuracy
  • Principle 7: Safeguards
  • Principle 8: Openness
  • Principle 9: Individual Access
  • Principle 10: Challenging Compliance

Asia-Pacific

Asia-Pacific privacy laws are primarily based on the Asia-Pacific Economic Cooperation (APEC) Privacy Framework[5]. The APEC Privacy Framework was based on the OECD privacy guidelines and fair information practices.The APEC information privacy principles include:

  • Principle 1: Preventing Harm
  • Principle 2: Notice
  • Principle 3: Collection Limitations
  • Principle 4: Uses of Personal Information
  • Principle 5: Choice
  • Principle 6: Integrity of Personal Information
  • Principle 7: Security Safeguards
  • Principle 8: Access and Correction
  • Principle 9: Accountability

Australia

Australian privacy laws are based on the OECD privacy guidelines. There are two sets of privacy principles that Australian privacy laws follow: (1) the National Privacy Principles (NPPs)[6] and (2) the Information Privacy Principles (IPPs).[7] The National Privacy Principles are standards regulate personal information held by private sector organizations, including private health service providers. The principles include:

  • Principle 1: Collection
  • Principle 2: Use and disclosure
  • Principle 3: Data quality
  • Principle 4: Data security
  • Principle 5: Openness
  • Principle 6: Access and correction
  • Principle 7: Identifiers
  • Principle 8: Anonymity
  • Principle 9: Transborder data flows
  • Principle 10: Sensitive information

The Information Privacy Principles regulate personal information handled by the government.  The principles include:

  • Principle 1: Manner and purpose of collection of personal information
  • Principle 2: Solicitation of personal information from individual concerned
  • Principle 3: Solicitation of personal information generally
  • Principle 4: Storage and security of personal information
  • Principle 5: Information relating to records kept by record-keeper
  • Principle 6: Access to records containing personal information
  • Principle 7: Alteration of records containing personal information
  • Principle 8: Record-keeper to check accuracy etc of personal information before use
  • Principle 9: Personal information to be used only for relevant purposes
  • Principle 10: Limits on use of personal information
  • Principle 11: Limits on disclosure of personal information

Latin America

Privacy rights in the Caribbean, Central and Latin America are primarily found in the constitutions of individual countries.  These data protection and privacy laws are usually based on rights of habeas data.

Middle East

Middle Eastern privacy laws are starting to be developed and enforced by a few countries.  A reason for privacy and data protection laws being developed is due to the transfer of data from one country to another.  If Middle Eastern states wish to exchange data with other countries, such as those in the EU that have strict data protection requirements, they must have laws in place that offer protections for data privacy before those countries will even consider doing business with them.

Africa

African privacy laws are just beginning to emerge.  There are a few countries that have established legislation on data protection and privacy.  One of the reasons for such laws being developed is due to cross-border data flows.  If African states wish to exchange data with other countries, such as those in the EU, they must have laws in place that offer protections before those countries will even consider doing business with them.

Recent Developments

There has been a push to establish an international privacy law that provides an universally binding agreement on protecting data.  In 2009 at the 31st International Conference of Data Protection and Privacy in Mardrid, Data protection authorities from over 50 countries approved the Madrid Resolution[8] on international privacy standards.  The Madrid Resolution privacy principles include:

  • Principle 1: Lawfulness and Fairness
  • Principle 2: Purpose Specification
  • Principle 3: Proportionality
  • Principle 4: Data Quality
  • Principle 5: Openness
  • Principle 6: Accountability

References

  1. http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
  2. http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html#part2
  3. http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
  4. http://www.csa.ca/cm/ca/en/privacy-code/publications/view-privacy-code
  5. http://www.apec.org/apec/apec_groups/committee_on_trade/electronic_commerce.MedialibDownload.v1.html?url=/etc/medialib/apec_media_library/downloads/taskforce/ecsg/pubs/2005.Par.0001.File.v1.1
  6. http://www.privacy.gov.au/materials/types/infosheets/view/6583
  7. http://www.privacy.gov.au/materials/types/infosheets/view/6541
  8. http://www.gov.im/lib/docs/odps//madridresolutionnov09.pdf

Related Content on FindLaw

Failed to load RSS feed from http://search.yahooapis.com/WebSearchService/rss/webSearch.xml?appid=yahoosearchwebrss&query=international+privacy+law%20site:blogs.findlaw.com!

                                                                            Web Services by Yahoo!

External Links

See Also

Contributors

FindLaw Michelle, FindLaw Nira