In 2005, at the 27th International Data Protection Commissioners Conference in Montreux, Switzerland, Canadian Commissioner Ann Cavoukian chaired a Working Group of Commissioners. This Working Group was convened for the sole purpose of creating a single Global Privacy Standard.
Commissioner Ann Cavoukian said: "faced with globalization and convergence of business practices, regardless of borders, I thought there was a pressing need to harmonize various sets of fair information practices into one Global Privacy Standard. Once such a foundational policy piece was in place, then businesses and technology companies could turn to a single instrument for evaluating whether their practices or systems were actually privacy enhancing, in nature and substance."
The final version of the Global Privacy Standard (GPS) (see below) was formally tabled and accepted in the United Kingdom, on November 3, 2006, at the 28th International Data Protection Commissioners Conference.
"GPS Privacy Principles
1. Consent: The individual’s free and specific consent is required for the collection, use or disclosure of personal information, except where otherwise permitted by law. The greater the sensitivity of the data, the clearer and more specific the quality of the consent required. Consent may be withdrawn at a later date.
2. Accountability: Collection of personal information entails a duty of care for its protection. Responsibility for all privacy related policies and procedures shall be documented and communicated as appropriate, and assigned to a specified individual within the organization. When transferring personal information to third parties, organizations shall seek equivalent privacy protection through contractual or other means.
3. Purposes: An organization shall specify the purposes for which personal information is collected, used, retained and disclosed, and communicate these purposes to the individual at or before the time the information is collected. Specified purposes should be clear, limited and relevant to the circumstances.
4. Collection Limitation: The collection of personal information must be fair, lawful and limited to that which is necessary for the specified purposes.
Data Minimization -- The collection of personal information should be kept to a strict minimum. The design of programs, information technologies, and systems should be given with non-identifiable interactions and transactions as the default. Wherever possible, identifiability, observability, and linkability of personal information should be
5. Use, Retention, and Disclosure Limitation: Organizations shall limit the use, retention, and disclosure of personal information to the relevant purposes identified to the individual, except where otherwise required by law. Personal information shall be retained only as long as necessary to fulfill the stated purposes, and then securely destroyed.
6. Accuracy: Organizations shall ensure that personal information is as accurate, complete, and up-to-date as is necessary to fulfill the specified purposes.
7. Security: Organizations must assume responsibility for the security of personal information throughout its lifecycle consistent with the international standards that have been developed by recognized standards development organizations.
Personal information shall be protected by reasonable safeguards, appropriate to the sensitivity of the information (including physical, technical and administrative means).
8. Openness: Openness and transparency are key to accountability. Information about the policies and practices relating to the management of personal information shall be made readily available to individuals.
9. Access: Individuals shall be provided access to their personal information and informed of its uses and disclosures. Individuals shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Compliance: Organizations must establish complaint and redress mechanisms, and communicate information about them to the public, including how to access the next level of appeal. Organizations shall take the necessary steps to monitor, evaluate, and verify compliance with their privacy policies and procedures."
Consultation due on December 31, 2009
This is a listing of events which may be useful for civil society to participate, connect and network on issues relating to information and communication technologies and policies.
Participation in the World Summit on the Information Society Internet Governance Caucus
Washington DC, United States. Internet Governance Forum USA
September 14 - 15
Seoul, South Korea. ICANN No. 36.
October 25 - 30, 2009
Sharm El Sheikh, Egypt. United Nations. IV Internet Governance Forum
November 15 - 18, 2009