The Guidelines attempt to balance the protection of privacy and individual liberties and the advancement of free flows of personal data through eight privacy principles which, if observed, are supposed to guarantee a free flow of personal information from other OECD countries.
The core of the Guidelines are the eight `Basic Principles of National Application' in Part Two (Principles 7 to 14). These are principles concerning Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation and Accountability. They are supplemented by definitions in Guideline 1, and by Guideline 19 concerning the means of enforcement of the Guidelines to be adopted in national legislation.
All 25 member countries of the OECD have adopted the Guidelines[3] but, outside Europe, only New Zealand and Québec (Canada) have implemented them in full by legislation covering both the public and private sectors.
Australia announced its intention to adhere to the OECD Guidelines in 1984. The 11 Information Privacy Principles in the Privacy Act 1988 (Cth) are intended to implement the OECD's 8 Principles insofar as personal information held by Commonwealth public sector agencies are concerned. The various methods of enforcement of the Principles provided in the Act implement Guideline 19. State and Territory Freedom of Information Acts implement the Individual Participation Guideline in relation to State and Territory public sectors, but not the other Guidelines. Insofar as the private sector is concerned, it would be difficult to argue that the Guidelines have been implemented in any sector except that relating to credit reporting (Privacy Act 1988, Pt IIIA (Cth)).
Article 23 of the Convention allows the Committee of Ministers of the Council of Europe to allow States which are not members of the Council of Europe to accede to the Convention, provided that all of the Contracting States entitled to sit on the Committee agree. It is therefore possible in theory for Asia-Pacific countries to become a party to the Convention, but as yet no non-member of the Council of Europe has done so.
Some ratifications are qualified in respect of A17, such as by Australia's declaration that A17 was accepted without prejudice to `the right to enact and administer laws which, insofar as they authorise action which infringes on a person's privacy, family, home or correspondence, are necessary in a democratic society in the interests of national security, public safety, the economic well-being of the country, the protection of public health or morals, or the protection of the rights and freedoms of others'.
Article 8 of the European Convention on Human Rights (1950) is in very similar terms, and considerable case law by the European Court of Human Rights has elaborated its meaning. The ICCPR is therefore very different from the OECD Guidelines or the European Convention, as it contains only a very general statement of privacy as a right.
A few Asia-Pacific countries[5] have also acceded to the First Optional Protocol to the ICCPR, thereby agreeing to individuals taking complaints (`communications') that they have breached a provision of the ICCPR to the United Nations Human Rights Committee. The Human Rights Committee is made up of 18 experts from different countries, elected for four year terms by countries that are ICCPR parties. For example, in Toonen v Australia[6] the Committee held that Australia was in breach of A17 because of legislation in an Australian State (Tasmania) which criminalised homosexual conduct in private. The Australian Commonwealth government then legislated to nullify the effect of the Tasmanian legislation (Human Rights (Sexual Conduct) Act 1994 7).
[2] An inter-governmental organisation, the members of which comprise the European Union countries, Switzerland, Turkey, the former Yugoslav states, Canada, the United States, New Zealand, Australia and Japan
[3] Tucker, G `Present situation and trends in privacy protection in the OECD area', Committee for Information, Computer and Communications Policy, OECD, Paris, 1988
[4] Including Australia, Canada, Chile, Democratic People's Republic of Korea, Fiji, Japan, New Zealand, Philippines, Republic of Korea, USA, Vietnam: Status of International Instruments, Chart of Ratifications as at 31 July 1992, United Nations, New York 1992
[5] Including Australia, Canada, Chile, New Zealand, Philippines, Republic of Korea: ibid
[6] UN Human Rights Committee, Views on Communication No. 488/1992, adopted 31 March 1994 - see 1 Privacy Law & Policy Reporter 50
7 Greenleaf, G 'Human Rights (Sexual Conduct) Bill 1994', (1994) 1 PLPR 121
[8] see Kirby, M `The OECD Guidelines for the Security of Information Systems' [1993] Computer Law and Security Report, 190-193
[9] Tucker, G 'Proposed European telecommunications Directive' (1994) 1 PLPR 123