Over the last week, privacy regulators from around the world have been meeting in Madrid at the 31st International Conference of Data Protection and Privacy Commissioners. Canada’s own Privacy Commissioner, Jennifer Stoddart, has not surprisingly had a prominent role in the conference, chairing a plenary session on internet privacy. She was also a speaker at another plenary session on moving towards a global privacy framework. The private sector have been involved in the discussions and it appears that there is growing consensus that the global economy and global internet necessitate global (or at least globally compatible) privacy standards. I haven’t managed to get my hands on the final communique, but Agence France Press sumarizes some of the key principles that will be the basis of of this framework:
… Under the proposed standards, data may only be processed after obtaining the “free, unambiguous and informed consent” of the data subjects and it should be deleted when it is no longer necessary for the purposes for which it was gathered.
Data collectors must identify themselves, state in clear language the purpose of the data processing and the recipients of the gathered data.
International transfers of personal data may only be carried out to a country which “affords, as a minimum, the level of protection provided for in the document,” according to the proposed standards, agreed by representatives from privacy protection agencies….
It will be interesting to see where this leads.