The 38 member nations of the Organization for Economic Co-operation and Development (“OECD”) have adopted first Intergovernmental agreement which aims to safeguard the user privacy when personal data is accessed by government for national security and law enforcement purposes.
The OECD Declaration on Government Access to Personal Data Held by Private Sector Entities was signed between 38 OEC countries and European Union during OECD’s 2022 Digital Economy Ministerial Meeting. It seeks to improve trust of individuals in cross border data transfers as well as trust among governments regarding sharing of personal data of their citizens. The declaration lays down common standards and safeguards which will be observed by each OECD country while accessing personal data of citizens of member nations.
It Complements OECD Privacy Guidelines which were published in 1980. It rejects any such approach which is inconsistent with democratic values and rule of law. It provides for seven specific principles which must be observed by member states while sharing the data:
1 . Legal Basis – The legal framework sets out purposes, conditions, limitations and safeguards concerning government access, so that individuals have sufficient guarantees against the risk of misuse and abuse.
2. Legitimate aims– government shall access the data only for such aims which are in conformity with rule of law.
3. Prior Approvals – prior approval requirements for government access are established in the legal framework to ensure that access is conducted in accordance with applicable standards, rules and processes.
4. Data Handling – data must be accessed by only authorized individuals.
5. Transparency – legal framework for government access is clear and easily accessible to the public so that individuals are able to consider the potential impact of government access on their privacy and other human rights and freedoms.
6. Oversight
Effective and impartial oversight to ensure that government access complies with the legal framework.
7. Redress – effective judicial and non judicial remedies must be must be notified which can be approached in case of violation of national legal framework.
The agreement gives a framework for cross border data transfer but does not illuminate a clear path. A detailed declaration can be accessed here,
https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0487