The OECD"The Board's Recommendation on Guidelines for the Protection of Privacy and the Cross-Border Transfer of Personal Data"(Provisional translationThe "Guidelines on the Protection of Privacy and the Cross-Border Flow of Personal Data," which is an annex to the "Guidelines on the Protection of Privacy and the Cross-Border Flow of Personal Data"PART TWO. BASIC PRINCIPLES OF NATIONAL APPLICATIONThe eight principles listed within the text correspond to sections 7 through 14 in the original document.
On this page, the numbers (1), etc., preceding the titles of each principle have been added for clarity, indicating that there are eight principles. Also, following convention, "Accountability" is translated as "responsibility." Note that Part 8 of the OECD Privacy Guidelines is...PART THREE. IMPLEMENTING ACCOUNTABILITY"(Provisional translationTherefore, referring to this as well will make it easier to understand what "Accountability" refers to here.
Also, I would like to point out that the privacy guidelines, in section 3, state the following:
3. The principles set forth in these guidelines are complementary and should be read as a whole.
In other words, it's not acceptable to simply take what's known in Japan as the OECD's eight principles (Part 8 of the guidelines) and read them in isolation.full textYou need to read it carefully and understand it within that context. Again,We recommend you refer to the full text here..
Part 2: Basic Principles Regarding Domestic Application
(1) Collection Restriction Principles (Collection Limitation Principle)
- The collection of personal data should be restricted, and such data should be collected through lawful and fair means, and, where appropriate, with the knowledge or consent of the data subject.
(2) Data Quality Principles (Data Quality Principle)
- Personal data should be relevant to the purpose for which it is used and should be kept accurate, complete, and up-to-date to the extent necessary for that purpose.
(3) Principle of clarity of purpose (Purpose Specification Principle)
- The purpose for which personal data is collected should be specified at the latest by the time of data collection, and its subsequent use should be limited to achieving that purpose, or other purposes that are not inconsistent with that purpose and are specified each time the purpose changes.
(4) Principles of Usage Restrictions (Use Limitation Principle)
- Personal data should not be disclosed, provided, or otherwise used for any purpose other than those specified in accordance with Section 9, except in the following cases:
a) When the data subject has given their consent; or
b) When permitted by law.
(5) Safety protection principles (Security Safeguards Principle)
- Personal data should be protected by reasonable security measures against risks such as loss or unauthorized access, destruction, use, alteration, or disclosure of data.
(6) Principle of Disclosure (OpenFire Principle)
- General disclosure policies should be established regarding the development, practices, and policies concerning personal data. Means for verifying the existence and nature of personal data, its primary uses, and the identity and usual location of the data controller should be readily available.
(7) The principle of individual participation (Individual Participation Principle)
- Individuals should have the right to:
a) Requesting the data controller or other party to confirm whether or not the data controller holds data about oneself;
b) Regarding data about oneself,
i. Within a reasonable time
ii. At a reasonable fee (if any);
iii. In a reasonable manner
iv. In a form that is easily understandable to the individual
To be made known;
c) If a claim under a) and b) is denied, the reasons for that denial will be explained, and that an objection may be raised against such denial; and
d) The right to object to data relating to oneself, and, if the objection is accepted, the data to be deleted, corrected, supplemented, or modified.
(8) Principle of responsibility (Accountability Principle)
- Data controllers should be responsible for ensuring compliance with measures that make the above principles effective.
(Source) OECD. (2013). Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188