ius and bits

As is well known in Madrid November 4 to 6 took place the 31st International Conference on Privacy, which involved the members and industry experts.

At the end of the conference was adopted the resolution " International Standards on the Protection of Personal Data and Privacy "currently available only in English.

The resolution adopted, with the largest reserves of better insight, leave immediately reveal the need for the standards common in the area of ​​privacy that are not constrained by membership in one or another state. In essence, the proponents adopted the resolution is based on a preliminary part of a proposal which provides as follows:

a) Define a set of principles and rights ensuring the effective and uniform protection of privacy on an international level with regard to the processing of personal data;
b) The facilitation of international flows of personal data necessary in a globalized world.

The preliminary part also provides definitions of terms used with respect to "treatment" explaining that this term refers to any operation or set of operations, automated or otherwise, which is performed upon personal data, such as collection, storage, use, disclosure or deletion.

The second part involves 6 principles and the third concerns the legality of treatment. Part IV provides for the rights of the data and Part V security. Part VI concerns of compliance and monitoring.

Finally, the resolution states:

In this perspective, the processing of personal data in public and private sector would be accomplished in a more uniform approach internationally:

a. fairly, lawfully and proportionately in relation to the specific, explicit and legitimate purposes;

b. based on policy transparency, adequately inform data subjects and without any arbitrary discrimination against them;

c. ensure the accuracy, confidentiality and data security, and the legality of the treatment, and the rights of holders of access, rectification, cancellation and opposition against the data processing;

d. the implementation of the principles of responsibility and obligation, even if the treatments that are performed by service providers, on behalf of the controller;

and. the provision of more guarantees in the case where the data are sensitive;

f. ensure that personal data transferred to the international level, benefit from the level of protection provided by that set of rules,

g. subject to supervision by the supervisory authority is independent and impartial with sufficient powers and resources are made ​​available in connection with the duty to cooperate with each other;

h. in a new and modern framework of proactive measures, such as those oriented in particular to prevent and detect violations and based on the appointment of privacy officers, and efficient audit and evaluation of impact on privacy.

The same resolution also refers to the following international conferences for the verification activities.

(Unofficial translation)