OECD countries, of which Australia is one, have adopted an intergovernmental agreement which confirms the right of member nations to access personal data.

The OECD Declaration on Government Access to Personal Data Held by Private Entities is the first intergovernmental agreement on common approaches to accessing personal data.

It was sparked by concerns that a lack of common principles could lead to restrictions on data flows, and contains safeguards designed to limit the potential for privacy and human rights violations.

Launching the landmark declaration at an OECD meeting  in Spain this week, OECD Secretary General and former Australian federal minister Mathias Cormann said the transfer of data across borders is essential in the digital era not only for business but for law enforcement and national security.

The agreement would improve trust in the flow of data across jurisdictions, he said.

“Without common principles and safeguards, the sharing of personal data across jurisdictions raises privacy concerns, particularly in sensitive areas like national security,” he said.

 “Today’s landmark agreement formally recognises that OECD countries uphold common standards and safeguards.

“It will help to enable flows of data between rule-of-law democracies, with the safeguards needed for individuals’ trust in the digital economy and mutual trust among governments regarding the personal data of their citizens.”

Safeguards

The declaration bans access to personal data that isn’t in line with democratic principles and the rule of law and is “unconstrained, unreasonable, arbitrary or disproportionate”.

However it says cross-border data flows are necessary to conduct business and advance economic and societal goals, and acknowledges that government access to personal is essential to meeting sovereign duties and responsibilities.

“We acknowledge that government access to personal data held by private sector entities is recognised in our national legal frameworks as essential to meeting these sovereign duties and responsibilities, and that law enforcement and national security authorities are therefore vested with powers to lawfully access such data,” the declaration states.

Principles for safeguarding access to information about an identified, or identifiable, individual include:

• Personal data can’t be accessed to suppress dissent or disadvantage minority groups
• Decisions approving access to personal data must be properly documented
• Personal data acquired by governments can only be handled by authorised people
• Impartial oversight is needed to ensure government access is within national legal frameworks
• Avenues for redress must be available

The 38 OECD members include Australia, Austria, Belgium, Canada, Chile, Colombia, Costa Rica, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Latvia, Lithuania, Luxembourg, Mexico, Netherlands, NZ, Norway, Poland, Portugal, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the UK and the US.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter