The OECD Guidelines are a set of privacy principles that countries can refer to when developing regulations surrounding cross-border data flows.
The OECD Guidelines set out privacy principles that apply to personal information wherever it is processed, including by companies operating in foreign jurisdictions. They are intended to provide a common framework for self-regulatory privacy regimes and apply to both domestic and foreign entities that collect, use or disclose personal information. The guidelines also include guidance for countries as they develop regulations surrounding cross-border data flows.
The OECD Guidelines take an expansive view of what constitutes personal data, covering any information that can be used to uniquely identify an individual. This includes basic information such as name, address, phone number, and email address; more complex data such as biometrics (fingerprints or facial recognition); and even less tangible information like location data from cellphones or other mobile devices.
