The procedures for implementing regulations concerning computerized personal data
files are left to the initiative of each State subject to the following
orientations:
A. PRINCIPLES CONCERNING THE MINIMUM GUARANTEES THAT SHOULD BE PROVIDED IN
NATIONAL LEGISLATIONS
1. Principle of lawfulness and fairness
Information about persons should not be collected or processed in
unfair or unlawful ways, nor should it be used for ends contrary to the
purposes and principles of the Charter of the United Nations.
2. Principle of accuracy
Persons responsible for the compilation of files or those responsible
for keeping them have an obligation to conduct regular checks on the accuracy
and relevance of the data recorded and to ensure that they are kept as complete
as possible in order to avoid errors of omission and that they are kept up to date
regularly or when the information contained in a file is used, as long as they
are being processed.
3. Principle of the purpose-specification
The purpose which a file is to serve and its utilization in terms of
that purpose should be specified, legitimate and, when it is established,
receive a certain amount of publicity or be brought to the attention of the
person concerned, in order to make it possible subsequently to ensure that:
(a) All the personal data collected and recorded remain relevant and
adequate to the purposes so specified;
(b) None of the said personal data is used or disclosed, except with
the consent of the person concerned, for purposes incompatible with those
specified;
(c) The period for which the personal data are kept does not exceed
that which would enable the achievement of the purposes so specified.
4. Principle of interested-person access
Everyone who offers proof of identity has the right to know whether
information concerning him is being processed and to obtain it in an
intelligible form, without undue delay or expense, and to have appropriate
rectifications or erasures made in the case of unlawful, unnecessary or
inaccurate entries and, when it is being communicated, to be informed of the
addressees. Provision should be made for a remedy, if need be with the
supervisory authority specified in principle 8 below. The cost of any
rectification shall be borne by the person responsible for the file. It is
desirable that the provisions of this principle should apply to everyone,
irrespective of nationality or place of residence.
5. Principle of non-discrimination
Subject to cases of exceptions restrictively envisaged under principle
6, data likely to give rise to unlawful or arbitrary discrimination, including
information on racial or ethnic origin, colour, sex
life, political opinions, religious, philosophical and other beliefs as well as
membership of an association or trade union, should not be compiled.
6. Power to make exceptions
Departures from principles 1 to 4 may be authorized only if they are
necessary to protect national security, public order, public health or
morality, as well as, inter alia, the rights and
freedoms of others, especially persons being persecuted (humanitarian clause)
provided that such departures are expressly specified in a law or equivalent
regulation promulgated in accordance with the internal legal system which
expressly states their limits and sets forth appropriate safeguards.
Exceptions to principle 5 relating to the prohibition of discrimination,
in addition to being subject to the same safeguards as those prescribed for
exceptions to principles I and 4, may be authorized only within the limits
prescribed by the International Bill of Human Rights and the other relevant
instruments in the field of protection of human rights and the prevention of
discrimination.
7. Principle of security
Appropriate measures should be taken to protect the files against both
natural dangers, such as accidental loss or destruction and human dangers, such
as unauthorized access, fraudulent misuse of data or contamination by computer
viruses.
8. Supervision and sanctions
The law of every country shall designate the authority which, in
accordance with its domestic legal system, is to be responsible for supervising
observance of the principles set forth above. This authority shall offer
guarantees of impartiality, independence vis-a-vis
persons or agencies responsible for processing and establishing data, and
technical competence. In the event of violation of the provisions of the
national law implementing the aforementioned principles, criminal or other
penalties should be envisaged together with the appropriate individual
remedies.
9. Transborder data flows
When the legislation of two or more countries concerned by a transborder data flow offers comparable safeguards for the
protection of privacy, information should be able to circulate as freely as
inside each of the territories concerned. If there are no reciprocal
safeguards, limitations on such circulation may not be imposed unduly and only
in so far as the protection of privacy demands.
10. Field of application
The present principles should be made applicable, in the first
instance, to all public and private computerized files as well as, by means of
optional extension and subject to appropriate adjustments, to manual files.
Special provision, also optional, might be made to extend all or part of the
principles to files on legal persons particularly when they contain some
information on individuals.
B.
APPLICATION OF THE GUIDELINES TO PERSONAL DATA FILES KEPT BY GOVERNMENTAL
INTERNATIONAL ORGANIZATIONS
The present guidelines should apply to personal data files kept
by governmental international organizations, subject to any adjustments
required to take account of any differences that might exist between files for
internal purposes such as those that concern personnel management and files for
external purposes concerning third parties having relations with the
organization.
Each organization should designate the authority statutorily competent
to supervise the observance of these guidelines.
Humanitarian clause: a derogation from these
principles may be specifically provided for when the purpose of the file is the
protection of human rights and fundamental freedoms of the individual concerned
or humanitarian assistance.
A similar derogation should be provided in national legislation for
governmental international organizations whose headquarters agreement does not
preclude the implementation of the said national legislation as well as for
non-governmental international organizations to which this law is applicable.
©
Copyright 1997 - 2000
Office of the United Nations High Commissioner for Human Rights