Science and Technology in
United States Foreign Affairs

Copyright © 1999
by Robert G. Morris


CHAPTER 22.  Case Study E -- Transborder Data Flows and the Protection of Privacy at the OECD
 

"Something there is that doesn't love a wall,
and wants it down."
Robert Frost, Mending Wall


Technology Threatens Privacy
The Organization for Economic Cooperation and Development (OECD) was established at Paris in 1961 to continue promoting economic recovery and welfare of member countries begun after World War II under the Marshall Plan and the Organization for European Economic Cooperation.  By the time the subject of this case study arose in 1978, OECD member countries numbered twenty-four, including countries from western Europe, the United States, Canada, Japan, Australia and New Zealand.  Since then five more countries have joined the OECD: Czech Republic, Hungary, Mexico, Poland and South Korea.

In 1978 OECD member countries set up an Expert Group on Transborder Data Barriers and Privacy Protection under the auspices of the Committee on Science and Technology Policy.  The driving force was rapid technological development in handling and transmitting increasing amounts of personal data across national borders.  The need was to adopt harmonized national policies that would reconcile the competing goals of privacy protection and the free flow of information.  In 1978 it was not hard to imagine nontariff barriers to transborder data flows erected in the name of privacy protection.  At that time only about half the OECD countries had privacy protection laws in place or ready for consideration.  One of these was Sweden, a moving force behind the OECD effort.  Such laws typically prohibited unlawful storage of personal data, the storage of inaccurate data or their unauthorized disclosure.  Financial institutions such as banks and credit card companies were particularly interested in free flow of data; brokers, insurance companies and transportation and shipping interests also depended on information flow free of artificial restraints.

At the same time, France was chairing a similar exercise on privacy protection in the Council of Europe.  For a while France delayed proceedings at the OECD because it wanted the Council's guidelines to come out first and possibly because it had more control over the Council's work.  In the end France agreed to the OECD formulation, which of course had wider application than the Council's.

The information explosion in the 1980s and 90s, particularly via the Internet, the World Wide Web and the so-called information superhighway, has justified the OECD project.  But it was with considerable prescience that already in the 1970s the OECD recognized privacy of technology-augmented transborder data flows as a future issue amenable to management before it became contentious and before member countries' laws collided.  The issue, of course, could have been treated at OECD by the economic side of the house because nontariff trade barriers were the unspoken danger.  It is all the more remarkable that the Committee on Scientific and Technological Policy at OECD was the one to study transborder data flows.  It was staffed with a creative and diligent secretariat in the best tradition of the OECD and not at all with the stereotypical (and all too typical) international civil servants often found elsewhere.  The experts group also boasted many highly competent and hard-working delegates from OECD country capitals.

Science Committee Guidelines Protect Privacy
The chairman of the experts was the brilliant and indefatigable Justice M.D. Kirby of Australia, who was chairman of the Australian Law Reform Commission.  Kirby combined awareness of the issue with sensitivity to member countries' views.  His patience, fairness and drive, manifest in untold long trips to Paris from Canberra; in telegrams, letters, reports, compromise drafts, proposals and critiques; and in his own optimism altogether carried all member countries together to the desired result.  The council, the OECD's highest body, adopted guidelines for use by member countries to protect privacy and transborder flows of personal data on September 23, 1980. (The guidelines developed by the Council of Europe had been adopted on September 17.)11

The experts had passed their recommendations to their political masters, the member country ambassadors who served as representatives to the council.  Although supportive of the work all along, the United States and Canada had raised objections and delayed final agreement among the experts.  At the decisive council meeting the Netherlands and even Australia, despite Justice Kirby's chairmanship, hesitated.  Five countries abstained from approval in the final vote: Australia, Canada, Ireland, Turkey and the United Kingdom.  The guidelines went into effect for the other members, and the abstaining countries were free to join them at any time.

The guidelines provided that in collecting and managing personal information member countries should
 

  • collect it lawfully and with consent,
  • assure its accuracy,
  • specify the collection purpose,
  • use it for another purpose only with permission,
  • safeguard it,
  • reveal its existence and purpose,
  • enable persons to challenge data and
  • hold data collectors accountable for such collection and management.

The key point of the council decision was that if a member country subscribed to the guidelines, no other member country should restrict transborder flows of personal data to that country.  Adherence to the guidelines thus assured transfer of personal data among all member countries.

Under the terms of the adopted recommendation member countries were also to assure national legislation was in accord with the guidelines.

    End of chapter 22.

