I don’t agree with Mr. Bender. I believe the APEC guidelines (pdf) are the weakest international privacy standards. For example, the APEC framework sets no limits on the retention of personal information and places the burden on consumers to prove how and where they are harmed.
Also, I would argue that the global framework already exists and has been in use internationally for decades: The OECD Guidelines. This framework is much more protective of private data. The OECD Guidelines state that individuals have the right to limit the use of personal information they disclose to others, and businesses have a duty to safeguard the data they collect.
Though Mr. Bender’s article favors businesses over consumer privacy, it is worth reviewing.
When it comes to privacy, we are not isolated from what goes on abroad. Laws and practices in one nation affect laws and practices elsewhere, largely because of the immense constant cross-border flow of personal data. Thus, we are increasingly being propelled toward the need for a single global data protection paradigm.
Until recently, the only real candidate for this model has been the European Union data protection regime, a model that the business community disfavors. But a new model is emerging — one that professes to protect privacy while eschewing unnecessary onerous requirements. Given the importance of New York City as an international hub, and as headquarters to many multinational corporations, this is a matter of importance to many attorneys here. […]
The Asia-Pacific Economic Cooperation is an organization of 21 nations including 40 percent of the world’s population, and responsible for 48 percent of international trade. Members include Australia, Canada, China, Japan, Mexico and the United States; India (not included in these statistics) is an observer.
Beginning as an informal dialog group in 1989, APEC established a Secretariat in 1993. More recently, APEC has developed a “privacy framework,” and has initiated a cross-border transfer test program involving Canada, Mexico and the United States, along with five corporations.
In many respects the APEC privacy framework is similar to the EU privacy regime. But the APEC framework, which has support from the business community, includes three important precepts that differentiate it markedly:
- APEC focuses on preventing injury, rather than on imposing general privacy requirements;
- APEC seems to have a genuine interest in balancing privacy against other important interests; and
- APEC views eliminating unnecessary impediments to cross-border data transfer as being on the same level of importance as privacy itself.