Benchmarks for Global Privacy Standards (November 2009)

5. Comparison of current global initiatives

The following table attempts to provide a comparison of three current global privacy initiatives against the Benchmarks proposed in this article. The table provides useful information, despite some limitations in the availability of data.[15]

The full details of the Joint Proposal for a Draft International Standard on the Protection of Privacy (the Data Protection Commissioners Standard) have not yet been released. Also, some aspects of the APEC Privacy Framework are incomplete (e.g. the proposed Cross Border Privacy Rules).

Benchmark	CoE Convention (with additional protocol)	APEC Privacy Framework	(Draft) Data Protection Commissioners Standard
Benchmark 1 – Comprehensive Coverage Protection of privacy rights should be comprehensive, with as few gaps and exceptions as possible
1.1 Applies to all organisations	Yes	No	Yes
1.2 Applies to all sectors	Yes	No	Yes
1.3 Applies to all consumers	Yes	Yes	Yes
1.4 Minimised exemptions	Yes	No	Yes
1.5 Applies to all data formats and forms of communication	Yes (although scope can be limited by declarations)	Yes	Yes
Benchmark 2 – Usability Privacy rights should be easy to understand and use for consumers, and easy to manage for business and regulators.
2.1 Easy to understand; short form	No	Encouraged	Encouraged
2.2 Accessibility	No	Yes	Yes
2.3 Low complexity; low cost	Registration requirements are discretionary	No – highly complex, expensive implementation based on CBPRs and registration	Registration requirements are discretionary
Benchmark 3 – Access to Dispute Resolution Protection of privacy rights should be supported by access to affordable and effective dispute resolution
3.1 Requirement for free and fast internal dispute resolution	No	Limited	No
3.2 Requirement for free, fast, and independent external dispute resolution	No	Limited	No
3.3 Allows exercise of individual rights, court action, and other ‘backup provisions’	Yes	No	Yes
Benchmark 4 – Meaningful Enforcement Protection of privacy rights requires the presence and appropriate use of meaningful enforcement powers.
4.1 Appropriate enforcement powers for regulators	Yes	No – choice of enforcement method includes self regulation	Yes
4.2 Commitment by regulators to use enforcement powers	Yes	No	Yes
4.3 Ability for individuals to seek injunctions	No	No	Unknown
4.4 Extensive list of sanctions and remedies	Limited	No	Yes
4.5 Right to seek determination by regulator, including written reasons for decision	Yes	No	Yes
4.6 Transparency of enforcement	Limited	Limited	Unknown
Benchmark 5 – Civil Society Input Protection of privacy rights requires input from key stakeholders. Government and business stakeholders tend to be well represented in the development of privacy initiatives – Civil Society input is essential to produce a balanced outcome.
5.1 Civil Society input for high level global, regional and national privacy standards and frameworks	Yes	No – Civil Society excluded from early development and not granted same input status as business groups	Limited
5.2 Civil Society input for detailed development and implementation of laws and terms of reference for regulators and complaint schemes	Yes	No	Limited
5.3 Civil Society input for relevant reviews and law reform processes	Yes	No	Limited
Benchmark 6 – Effective Oversight and Review Protection of privacy rights requires ongoing oversight and review.
6.1 independent supervisory authority	Yes	No	Yes
6.2 Monitoring of implementation and enforcement	Yes	Limited – requirement for country reports.	Yes
6.3 Regular reviews and guidance	Yes	Unknown	Unknown
6.4 Monitoring for false claims of privacy protection by organisations	n/a	No – claims of APEC compliance already widespread with no central control	n/a
Benchmark 7 – International Cooperation Protection of privacy rights should be international, with support and collaboration amongst nations.
7.1 Protection of information transferred to another jurisdiction	Yes	Limited	Yes
7.2 Guidance on ‘adequacy’ of protections in jurisdictions	Yes	No	Yes
7.3 International guidance on contract terms for privacy protection	Yes	No	Yes
7.4 International cooperation on complaints and enforcement	Yes	Yes – encouraging progress on cross-border cooperation – key agreements still in development	Yes
7.5 Support for countries developing privacy protection; exchanging skills and information and training	No	Yes	Unknown

[15] The analysis contained in the table represents the personal views of the author. Comments are welcome.





	home about us services projects research contact
	» home » research » assets » benchmarks for global privacy 2009