The Australian Privacy Foundation has issued a revised policy statement on International Data Privacy Standards: A Global Approach (pdf). Here’s a snippet from their statement:
The OECD’s 2013 decision to leave the OECD’s ‘Basic Principles of National Application’ unchanged is a missed opportunity to respond to the developments of the last 35 years. The only significant positive addition is a new Part on ‘Implementing Accountability,’ which introduces additional obligations on data controllers, including breach notification requirements.
Negative changes have been made to other Parts of the Guidelines concerning cross border data transfer controls, interoperability of privacy regimes and ‘risk-based’ assessment. They are harmful in restricting the ability of countries to limit exports of personal information to jurisdictions with weaker privacy standards.
Consequently, APF opposes any continuing recognition of the (revised) OECD Guidelines as an international data privacy standard suitable for current and future social and technical environments, with a particular deficiency being the weakened cross-border data transfer provisions. APF opposes the OECD’s invitation to non-Members of the OECD to adopt the Guidelines as the desirable standard of privacy protection, wherever a higher standard is possible.