The OECD is made up of 29 of the world’s industrial democracies in North America, Europe and the Pacific Rim and it develops issues of economic and social policy. The organisation cannot produce binding international law, but it often acts as a forum for meetings among its countries to develop international agreements.
The OECD says that it sees privacy policies as helping visitors to make informed choices about entrusting an organisation with personal data and doing business with it. It says the new guidelines represent “an international consensus on how best to balance effective privacy protection with the free flow of personal data.”
To help implement the guidelines, the OECD has developed the a free Privacy Policy Statement Generator on its web site in co-operation with industry, privacy experts and consumer organisations. The Generator, which has been endorsed by the OECD’s member countries, aims to offer guidance on compliance with the Guidelines and to help organisations develop privacy policies and statements for display on their web sites. It uses a series of questions to learn about the data practices of an organisation and then feeds these into a policy statement.
However, the effectiveness of the statement is limited by the answers given to the questions and it will not necessarily comply with the legal requirements of a particular country.
In Europe, privacy policies as such are not a legal requirement for a web site that collects and uses personal data, but they are recommended. A data protection notice is a legal requirement in the European Union, but the necessary contents of such a notice can instead be incorporated in a privacy policy. Generally, a privacy policy is thought of as a less formal means of explaining what data is collected and how it is used. The notice or statement must also be brought to the attention of the individual in an effective manner. The US has no equivalent law, but recently came to an agreement with the European Commission on the export of data from Europe to the US (see Commission decision on safe harbor data protection, OUT-LAW News, 01/08/2000).