110 likes | 117 Views
Protection of Personal Information Bill: An International Perspective. International origins. Information privacy not a domestic policy problem: worldwide expansion of telecommunications technology CoE Convention and EU Data Protection Directive OECD Guidelines
E N D
Protection of Personal Information Bill: An International Perspective
International origins • Information privacy not a domestic policy problem: worldwide expansion of telecommunications technology • CoE Convention and EU Data Protection Directive • OECD Guidelines • APEC, Commonwealth, United Nations • ISO and IEC privacy framework
Council of Europe (CoE)’s objectives • To create a common democratic and legal area throughout the whole of the continent, ensuring respect for its fundamental values: human rights, democracy and the rule of law. • Given effect iro information privacy in CoE Convention and EU Directive
Organisation for Economic Cooperation and Development (OECD)’s objectives * To achieve the highest sustainable economic growth and employment and a rising standard of living in member countries, while maintaining financial stability, and thus to contribute to the development of the world economy; • To contribute to sound economic expansion in member as well as non-member countries in the process of economic development; • To contribute to the expansion of world trade on a multilateral, non-discriminatory basis in accordance with international obligations • Given effect iro information privacy in OECD Guidelines
Member countries • COE: European countries • OECD: European countries (including some Eastern European countries), but also United States, Canada, Japan, Australia, New Zealand, Mexico, Korea.
Interpretation of international instruments in national legislation * Clause 1: Definitions • Consensus on internationally accepted privacy principles; implementation differs • Laws in European countries influenced by human rights perspective • Laws in countries outside Europe influenced more by economic imperatives • Developing countries (Africa): Senegal, Morocco, Benin, Burkino Faso
Information Protection Principles Information must be - • Obtained fairly and lawfully • Used only for the original specified purpose • Further processed in compatible fashion • Accurate and up to date • Adequate, relevant and not excessive to purpose • Processed openly • Accessible to subject • Kept secure • Destroyed after its purpose is completed • [Transferred to countries with adequate information protection only] Responsible party must ensure compliance
Drafting of Protection of Personal Information Bill • Principle based vs rules based legislation • Principle based means: * overarching framework, outcomes, not process * compliance with spirit of law * flexibility • Best practice approach complemented with detailed rules, codes of conduct, official guidelines
The Information Management Lifecycle Storage Collection Archive Use Distribution Destruction
Conclusion * The PPI Bill is a hybrid piece of legislation incorporating the human rights perspective while providing for economic expediencies. • It is principled based rather than rules based and the Bill together with other sector specific legislation, regulations, codes of conduct and guidelines form a unique privacy framework for SA. • It emphasises the “do the right thing” approach and promotes compliance with the spirit of the law. • Although it is possible to learn from the experiences in other jurisdictions, the Bill should primarily be interpreted with reference to the international instruments from which it originated.