Benchmarks for Global Privacy Standards (November 2009)
5. Comparison of current global initiatives
The following table attempts to provide a comparison of three current global privacy initiatives against the Benchmarks proposed in this article. The table provides useful information, despite some limitations in the availability of data.[15]
The full details of the Joint Proposal for a Draft International Standard on the Protection of Privacy (the Data Protection Commissioners Standard) have not yet been released. Also, some aspects of the APEC Privacy Framework are incomplete (e.g. the proposed Cross Border Privacy Rules).
Benchmark |
CoE Convention (with additional protocol) |
APEC Privacy Framework |
(Draft) Data Protection Commissioners Standard |
Benchmark 1 – Comprehensive Coverage |
|||
1.1 Applies to all organisations |
Yes |
No |
Yes |
1.2 Applies to all sectors |
Yes |
No |
Yes |
1.3 Applies to all consumers |
Yes |
Yes |
Yes |
1.4 Minimised exemptions |
Yes |
No |
Yes |
1.5 Applies to all data formats and forms of communication |
Yes (although scope can be limited by declarations) |
Yes |
Yes |
Benchmark 2 – Usability |
|||
2.1 Easy to understand; short form |
No |
Encouraged |
Encouraged |
2.2 Accessibility |
No |
Yes |
Yes |
2.3 Low complexity; low cost |
Registration requirements are discretionary |
No – highly complex, expensive implementation based on CBPRs and registration |
Registration requirements are discretionary |
Benchmark 3 – Access to Dispute Resolution |
|||
3.1 Requirement for free and fast internal dispute resolution |
No |
Limited |
No |
3.2 Requirement for free, fast, and independent external dispute resolution |
No |
Limited |
No |
3.3 Allows exercise of individual rights, court action, and other ‘backup provisions’ |
Yes |
No |
Yes |
Benchmark 4 – Meaningful Enforcement |
|||
4.1 Appropriate enforcement powers for regulators |
Yes |
No – choice of enforcement method includes self regulation |
Yes |
4.2 Commitment by regulators to use enforcement powers |
Yes |
No |
Yes |
4.3 Ability for individuals to seek injunctions |
No |
No |
Unknown |
4.4 Extensive list of sanctions and remedies |
Limited |
No |
Yes |
4.5 Right to seek determination by regulator, including written reasons for decision |
Yes |
No |
Yes |
4.6 Transparency of enforcement |
Limited |
Limited |
Unknown |
Benchmark 5 – Civil Society Input |
|||
5.1 Civil Society input for high level global, regional and national privacy standards and frameworks |
Yes |
No – Civil Society excluded from early development and not granted same input status as business groups |
Limited |
5.2 Civil Society input for detailed development and implementation of laws and terms of reference for regulators and complaint schemes |
Yes |
No |
Limited |
5.3 Civil Society input for relevant reviews and law reform processes |
Yes |
No |
Limited |
Benchmark 6 – Effective Oversight and Review |
|||
6.1 independent supervisory authority |
Yes |
No |
Yes |
6.2 Monitoring of implementation and enforcement |
Yes |
Limited – requirement for country reports. |
Yes |
6.3 Regular reviews and guidance |
Yes |
Unknown |
Unknown |
6.4 Monitoring for false claims of privacy protection by organisations |
n/a |
No – claims of APEC compliance already widespread with no central control |
n/a |
Benchmark 7 – International Cooperation |
|||
7.1 Protection of information transferred to another jurisdiction |
Yes |
Limited |
Yes |
7.2 Guidance on ‘adequacy’ of protections in jurisdictions |
Yes |
No |
Yes |
7.3 International guidance on contract terms for privacy protection |
Yes |
No |
Yes |
7.4 International cooperation on complaints and enforcement |
Yes |
Yes – encouraging progress on cross-border cooperation – key agreements still in development |
Yes |
7.5 Support for countries developing privacy protection; exchanging skills and information and training |
No |
Yes |
Unknown |
[15] The analysis contained in the table represents the personal views of the author. Comments are welcome.