Skip down to main content

Data Protection Principles for the 21st Century: Revising the 1980 OECD Guidelines

By Fred H. Cate, Peter Cullen, Viktor Mayer-Schönberger
Cover of Data Protection Principles for the 21st Century: Revising the 1980 OECD Guidelines

“Big data is on the rise, enabling new forms of data use but also leading to new risks of data misuse. However, it is guidelines drawn up in 1980 by the Organisation for Economic Co-operation and Development (OECD) that have become the foundation for most national laws governing data protection. The OECD Guidelines took a comprehensive approach, covering data collection, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability. The principles laid out in the Guidelines were crafted for a simpler time when data types and use were less complex; organizations collected data from individuals, stored that data in a computer, and then made deterministic uses and decisions about the individual based on that data.

Developed by an Oxford Internet Institute-led working group of senior leaders in data protection, this report offers suggestions on how to update the OECD Guidelines while preserving the goals that informed them. In doing so, it confronts a central question: How can we ensure data protection while enabling the personal and societal benefits that come from the use of data?”


Publication date:
March 2014



Fred H. Cate

Distinguished Professor and C. Ben Dutton Professor of Law, Maurer School of Law, Indiana University


Peter Cullen

General Manager, Trustworthy Computing Governance, Microsoft Corporation

Related topics