Jim Shaughnessy, senior vice president, general counsel, and secretary at Workday, explains why now is the time for the U.S. and other countries to adopt privacy laws based on the OECD Fair Information Principles. A law based on the OECD principles will ensure fair treatment of individuals and their personal information, regardless of where they live or with whom they interact.
With the EU’s General Data Protection Regulation (GDPR) having just come into force and discussions on the use of personal data increasing in frequency and intensity, privacy is taking center stage in the U.S. At Workday, we believe privacy is of such vital importance—particularly in an era of rapid technological innovation—that government and industry together need to honor it, including by protecting individuals’ privacy proactively through a legal framework.
At Workday, privacy protections have been a fundamental component of our services from the very beginning. Our third-party audit reports and standards certifications provide tangible evidence of how we protect our customers’ data. When we develop new offerings we implement privacy by design from the very beginning. We have received approval from EU privacy regulators for our Binding Corporate Rules and were among the first companies to certify to the EU-U.S. Privacy Shield protecting personal data transferred from the EU. And we’ve built features that enable our customers to comply with GDPR.
Our efforts are complemented by legal frameworks in the U.S., EU, and elsewhere. As my colleague Jason Albert has explained, the U.S. has a long privacy law tradition, stretching back to the 19th century and providing the doctrinal foundation for the Organization for Economic Cooperation and Development Fair Information Principles. In addition to this heritage, the U.S. currently has a number of strong sector-specific privacy laws governing financial institutions, health providers, educational institutions, and children, in addition to all 50 states’ data breach notification laws. Overlaying all of these, the Federal Trade Commission enforces prohibitions on unfair and deceptive trade practices.
Together these provisions create a U.S. privacy framework that is stronger than it is often given credit for. However, from the outside, the disparate structure of U.S. privacy law makes it difficult for other countries to determine whether gaps exist in protection. As a result, the EU requires U.S. companies to certify to the Privacy Shield or enter into other arrangements to ensure data transferred to the U.S. benefits from substantially similar protections as under European privacy law.
In our view, now is the time for a different—more comprehensive—approach that will benefit customers by creating more clarity for the global community. The U.S. and other countries around the world should adopt privacy laws based on the OECD Fair Information Principles. As privacy is a fundamental value around the globe as well as in the U.S., it is incumbent on the U.S. to lead by having a modern legal framework protecting the privacy of its citizens. While U.S. privacy law must reflect our legal and political traditions, the OECD principles are sufficiently flexible to support country-to-country variation and sufficiently strong to provide international harmonization to ensure that personal data can flow freely across borders in a cloud-enabled world.
A law based on the OECD principles will ensure fair treatment of individuals and their personal information, regardless of where they live or with whom they interact.
The OECD principles provide a widely-shared common baseline for the 35 countries that are OECD members. The voluntary OECD principles cover all the core tenets of data privacy rights—data collection, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability. Enacting these principles in U.S. national legislation should result in U.S. law being deemed adequate by the EU and will facilitate the continued free flow of personal data.
Most importantly, a law based on the OECD principles will ensure fair treatment of individuals and their personal information, regardless of where they live or with whom they interact. For all these reasons, we call upon the U.S. and other countries around the world to enact comprehensive privacy legislation. We look forward to continuing to work with other companies, members of Congress, and administration officials to achieve this goal.
More Reading
To keep up with the breakneck pace of work and deliver detailed insights to clients, professional services firms will need to bust data silos and automate time-consuming tasks. Here’s how the industry’s leaders can prepare for the future.
Rising climate change risks, heightened consumer expectations, and a dearth of tech talent loom large among the insurance industry’s near-term issues and opportunities. Industry experts share how these demands—and more—will shape the industry in the years to come.
Demand for nonprofit services shows no signs of slowing—and neither does the competition for funding dollars and staff needed to deliver on their missions. With an eye to the future, nonprofit leaders can create impact with new innovations and opportunities.
