OECD Guidelines: 8 Privacy Principles to Live By

Written by Aurélie Pols, Ewa Bałazińska, Karolina Lubowicka

Published September 21, 2018 · Updated October 24, 2018

There is no one-size-fits-all solution when it comes to reducing data-privacy risks.

Protection policies may depend on numerous considerations, such as different categories of data, varying legislation, or purpose of data processing.

However, there are frameworks that may be used as tools to help you structure discussions about privacy requirements in your organization.

A good example of such a framework is the set of principles developed by the Organisation for Economic Co-operation and Development (OECD).

Guidelines on the Protection of Privacy and Transborder Flows of Personal Data by the OECD became an internationally accepted set of rules for processing personal information.

Reflected in existing and emerging data-protection laws, they can serve as an excellent basis for any analytics endeavor aiming to reduce data-privacy risks. It is also a sound direction for governance of personal data collected and processed by organizations over the course of their business.

The privacy principles defined by the OECD consist of the following:

Collection Limitation:
Data should be collected only with the knowledge and consent of the individual concerned (the data subject).
Data Quality:
You should collect only information that is relevant to a particular purpose and keep it accurate.
Individual Participation:
The individual concerned should be able to find out whether their information has been collected and must be able to access it if such data exists.
Purpose Specification:
The intended use of a particular piece of information must be stated at the time of collection.
Use Limitation:
Collected data must not be used for purposes other than those specified at the time of collection.
Security Safeguards:
Reasonable measures must be taken to protect personal data from unauthorized use, destruction, modification, or disclosure.
Openness:
Individuals should be able to learn about data-collection practices and be able to contact the entity collecting this information.
Accountability:
The data collector should be held accountable for failing to abide by any of the above rules, and a dedicated person should be responsible for compliance.

OECD guidelines vs GDPR

The OECD principles are closely tied to European Union legislation and cultural expectations.

That’s why it comes as no surprise that GDPR’s spirit and much of its detail reflect the OECD privacy framework. All of this makes the principles outlined above a solid core for your web-analytics privacy practices.

However, keep in mind that the provisions of GDPR are much broader, and simply following the good practices introduced by the OECD won’t be enough to comply with them.

We write about this in numerous blog posts on our website. If you want to learn more about the topic, be sure to visit the GDPR section of our blog.


Aurélie Pols


A former Data Governance and Privacy Engineer with Salesforce (previously Krux Digital Inc.), a member of the European Data Protection Supervisor’s Ethics Advisory Group, a professor at IE Business School in Madrid, and an advisor to the International Association of Privacy Professionals (IAPP). A founder of a Privacy and Data Protection Consultancy, Mind Your Privacy.


Ewa Bałazińska


Karolina Lubowicka

Content Marketer

Content Marketer and Social Media Specialist at Piwik PRO. An experienced copywriter who takes complex topics of data privacy and GDPR and makes them understandable for all.
