|Title:||Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data (23 September 1980)|
|Topic:||Generic data processing activities, including the export of personal data|
|Direct / indirect relevance||Direct. The text directly prescribes a duty to assess security measures with regard to data processing and to take the required security precautions.|
|Scope:||Nonbinding recommendation to OECD nations calling for national regulation in this field|
|Legal force:||Not legally binding, neither to natural persons, legal entities or countries|
|Affected sectors:||Generic data processing activities using digital processing methods|
|Relevant provision(s):||Security Safeguards Principle
11. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
15. Member countries should take into consideration the implications for other Member countries of domestic processing and re-export of personal data.
16. Member countries should take all reasonable and appropriate steps to ensure that transborder flows of personal data, including transit through a Member country, are uninterrupted and secure.
17. A Member country should refrain from restricting transborder flows of personal data between itself and another Member country except where the latter does not yet substantially observe these Guidelines or where the re-export of such data would circumvent its domestic privacy legislation. A Member country may also impose restrictions in respect of certain categories of personal data for which its domestic privacy legislation includes specific regulations in view of the nature of those data and for which the other Member country provides no equivalent protection.
|Relevance to RM/RA:||Similar to the UN Guidelines directly above, the OECD Recommendations are mostly of historical importance, as a background to more recent regulation, including (if not particularly) the aforementioned Privacy Directive.
None the less, the Recommendations are a summary statement of basic principles with regard to automated data processing.