OECD Guidelines: 8 Privacy Principles to Live By

Written by Aurélie Pols, Ewa Bałazińska, Karolina Lubowicka

Published September 21, 2018 · Updated May 23, 2024

There is no one-size-fits-all solution when it comes to reducing data-privacy risks.

Protection policies may depend on numerous considerations, such as different categories of data, varying legislation, or purpose of data processing.

However, there are frameworks that may be used as tools to help you structure discussions about privacy requirements in your organization.

A great example of such rules comes in the form of principles developed by the Organization for Economic Cooperation and Development (OECD).

The OECD's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data became an internationally accepted set of rules for processing personal information.

Reflected in existing and emerging data-protection laws, they can serve as an excellent basis for any analytics endeavor aiming to reduce data-privacy risks. They are also a sound direction for the governance of personal data collected and processed by organizations over the course of their business.

The privacy principles defined by the OECD consist of the following:

1. Collection Limitation:

Data collection should occur only with the knowledge and consent of a concerned individual (data subject).

2. Data Quality:

You should only collect information which is relevant and accurate for a particular aim.

3. Individual Participation:

The concerned individual should know if their information has been collected and must be able to access it if such data exists.

4. Purpose Specification:

The intended use for a particular piece of information must be known at the time of collection.

5. Use Limitation:

Collected data must not be used for purposes other than the ones specified at the time of collection.

6. Security Safeguards:

Reasonable measures must be taken to protect personal information from unauthorized use, destruction, modification, or disclosure.

7. Openness:

Individuals should be able to learn about data collection and to contact the entity collecting this information.

8. Accountability:

The data collector should be held accountable for failing to abide by any of the above rules. There needs to be a dedicated person.

OECD guidelines vs GDPR

The OECD principles are closely tied to European Union legislation and cultural expectations.

That’s why it comes as no surprise that GDPR’s spirit and much of its detail reflect the OECD privacy framework. All that makes these outlined principles a great core for your web-analytics privacy practices.

However, keep in mind that the provisions of GDPR are much broader, and simply following the good practices introduced by the OECD won’t be enough to comply with them.

We write about it in numerous blog posts on our website. If you want to learn more about the topic, be sure to visit the GDPR section on our blog.


Aurélie Pols

DPO at mParticle

Aurélie Pols designs best data privacy practices: documenting data flows, minimizing data use risks, and striving for data quality. Aurélie follows the money to streamline data trails while touching upon security practices and ethical data uses. She leads her own consultancy, serves as DPO for New York-based CDP mParticle, was part of the EDPS' Ethics Advisory Group and now serves the European Commission as an expert in the Observatory of the Online Platform Economy.


Ewa Bałazińska


Karolina Lubowicka

Senior Content Marketer and Social Media Specialist

An experienced copywriter who takes complex topics of data privacy & GDPR and makes them understandable for all.
