As we have seen, the rise of information and communication technology played a significant role in the development of the right to privacy. The automated processing of personal data using computers and accompanying database technology changed the face of privacy considerably. The new face of privacy also prompted changes to the codification of the right to privacy.[16] This process started in the early seventies of the twentieth century with the drafting of the Fair Information Practice Principles.
[16] It is important to note that the scope of data protection law is broader than that of the right to privacy (Hustinx 2004, p. 270). As such, data protection law does not depend on a distinction between the public and the private for its application. However, data protection law is still intimately linked to the right to privacy and the individual.
5.5.1 Fair Information Practice Principles (1973)
In 1973 the United States Department of Health, Education, and Welfare drafted a seminal report titled Records, Computers and Rights of Citizens that contained a Code of Fair Information Practices. These Fair Information Practices consist of five basic principles to which every data processing party should adhere.
· There must be no personal data record-keeping system of which the very existence is secret.
· There must be a way for an individual to find out what information about him is in a record and how it is used.
· There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
· There must be a way for an individual to correct or amend a record of identifiable information about him.
· Any organisation creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent the misuse of data.
5.5.2 OECD Privacy Guidelines (1980)
An important (international) development in the regulation of informational privacy was the adoption of the Recommendation Concerning and Guidelines Governing the Protection of Privacy and the Transborder Flow of Personal Data by the Organisation for Economic Cooperation and Development (OECD). Without the processing of personal data much of our social and economic activities would be far less efficient and effective, or would become impossible altogether. As such, there must be room for a free flow of personal data. The OECD Privacy Guidelines were drafted to create a framework that would allow for the transborder flow of personal data while safeguarding the privacy of the individual. They set forth a path to privacy based on the following eight principles (Rotenberg 2003, p. 328).
Collection Limitation Principle
This principle states that personal data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject. Furthermore there should be limits to the collection of personal data.
Data Quality Principle
This principle states that any personal data collected should be relevant to the purposes for which they are to be used and when used should be accurate, complete, and kept up-to-date.
Purpose Specification Principle
This principle states that the purpose of the collection of any personal data should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes, or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle
This principle states that personal data should not be disclosed, made available, or otherwise used for purposes other than those covered by the purpose specification.
Security Safeguards Principle
This principle states that any personal data collected and used should be protected by reasonable security measures to minimise the risk of unauthorised access, destruction, use, modification, or disclosure of personal data.
Openness Principle
This principle states that there should be a general policy of openness about developments, practices, and policies with respect to personal data. It further states that means should be readily available of establishing the existence and nature of personal data, the main purposes of their use, as well as the identity and residence of the data controller.
Individual Participation Principle
This principle acknowledges certain rights of data subjects with regard to their personal data. The first right a data subject has is the right to obtain confirmation from a data controller whether his information is being processed. Furthermore, the data subject has the right to have this information communicated to him within a reasonable time, in a reasonable manner, and in a form that is readily intelligible to him. If such information cannot be communicated, the data subject must be given reasons as to why it cannot be communicated, as well as the right to challenge this decision. Finally the data subject has the right to challenge data relating to him, and if successful have it erased, rectified, completed, or amended.
Accountability Principle
The final principle holds data controllers accountable for complying with measures that give effect to the above stated principles.
The principles laid down in the OECD Guidelines are still used. The OECD Privacy Guidelines have played an important part in the creation of the European personal data protection regime, for which the groundwork was laid in 1981.
5.5.3 Council of Europe Convention on Privacy (1981)
Inspired by the OECD Privacy Guidelines the Council of Europe concluded the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data in 1981. The Convention entered into force in 1985. As the Council of Europe worked closely with the OECD the Convention closely resembles the OECD Privacy Guidelines. For this reason I shall not enumerate the individual provisions of the Convention as they are roughly the same as the OECD Privacy Guidelines.