Digital security and privacy

Digital security and privacy protection have become public policy priorities in an increasingly digital and data-dependent economy and society. A key challenge for governments, businesses and individuals is to reduce these risks to increase trust without inhibiting the opportunities offered by the digital economy.

Personal data and privacy

A growing number of online entities are collecting vast amounts of personal data. Data "mining" and advances in data analytics now make it possible to infer sensitive information from data which may appear trivial at first, such as past individual purchase behaviour or electricity consumption. The misuse of these insights can implicate the core values and principles which privacy protection seeks to promote, such as individual autonomy, equality and free speech, and this may have a broader impact on society. 

While protection by law is essential, privacy in an increasingly data-driven economy would benefit from a multifaceted strategy, reflecting a whole-of-society vision, and supported at the highest levels of government, as called for in the OECD Privacy Guidelines and the 2016 Cancun Ministerial Declaration on the Digital Economy. Such strategies need to strike the right balance between the social and economic benefits of enhanced reuse and sharing of data and analytics, and individuals’ and organisations’ legitimate concerns about such openness, including protection of privacy and intellectual property rights. Coordinated privacy strategies at the national level would enhance privacy protection in an increasingly data-driven environment.

Digital security

Digital security is essential for trust in the digital age. In the digital environment we are all interdependent, and only as strong as the weakest link. Since the early 1990s the OECD has been facilitating international co-operation and developing policy analysis and recommendations in this area.

The OECD digital security policy framework is based on the 2015 OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity. It provides principles on how to address digital security without restricting the use, dynamic nature and openness of digital technologies and without inhibiting the potential of digital technologies to foster innovation. The Recommendation calls on leaders and decision makers to integrate digital security risk management as part of their economic and social decision making rather than addressing it only as a technical matter.

Adopted in December 2019, the OECD Recommendation on Digital Security of Critical Activities sets out policy recommendations to ensure that policies targeting operators of critical activities focus on what is essential for the economy and society without imposing unnecessary burdens elsewhere. These recommendations support adherents in adapting their overarching policy framework, promoting and building trust-based partnerships, and improving co-operation at the international level.

The Recommendation updates and replaces the 2008 OECD Recommendation on the Protection of Critical Information Infrastructures, which was the first international legal instrument in this area.

Since late 2018, the OECD Global Forum on Digital Security for Prosperity has offered an international multilateral setting for all stakeholder communities of experts to engage in dialogue, share experiences and influence public policy making on digital security.

Protection of children online

The landscape that gave rise to the 2012 OECD Recommendation on the Protection of Children Online has changed dramatically. As children’s online behaviour has evolved, so too have the risks that they face.

We highlight work to update the Recommendation and consider some of the policy and legislative avenues countries take to protect children online and promote positive online use in a chapter of the October 2019 publication Educating 21st Century Children: Emotional Well-being in the Digital Age.

A February 2020 policy note on growing up online also looks at how policies should address the needs of children in today's digital environment.

Measuring digital security risk management practices in businesses

Policy makers’ ability to measure, analyse and understand the digital security risk management practices of businesses has not kept sufficient pace with technological change.

Published in June 2019, this OECD digital economy paper synthesises an OECD project to develop a framework and a set of statistical indicators that can be used to assess the digital security risk management practices of businesses, particularly SMEs. It provides an in-depth explanation of the measurement framework and an analysis of the outcomes of a pilot survey instrument based on it, tested with members of the Federation of European Risk Management Associations (FERMA) in 2018.

Insuring companies against cyber risks

Although quantitative measurement is still emerging and raises significant challenges, the frequency and scope of cyber incidents are growing significantly and cyber risk is viewed as one of the main concerns to doing business. For insurance to have a significant impact on risk reduction, the market must be offering a material level of coverage to a large share of companies and individuals at risk. This is not currently the case.

Prepared at the request of the G7 Presidency, Enhancing the Role of Insurance in Cyber Risk Management provides a market overview for cyber insurance, including available coverage and potential gaps as well as current challenges in terms of data availability, quantification of cyber risks, awareness and misunderstanding about coverage. It identifies potential policy measures to address some of the challenges to the development of an effective cyber insurance market.


Trust in the digital economy

In a special 2014 Eurobarometer report on cybersecurity, two concerns reported by Internet shoppers in the European Union were misuse of personal data and security of online payments. According to a Pew Research Center poll the same year, 91% of Americans surveyed agreed that consumers have lost control of their personal information and data.

In a 2014 OECD survey on the digital economy, governments identified security as the second highest priority area and privacy as the third out of 31 possibilities, with only broadband coming higher.

A chapter on digital risk and trust in the OECD Digital Economy Outlook 2017 reviews trends in digital privacy and security incidents and online fraud, and discusses how to build trust in the digital economy, including through consumer protection. Another chapter looks at policy and regulation aimed at enhancing trust in the digital economy.

The Digital Economy Outlook 2015 also contains a chapter devoted to trust in the digital economy covering a select number of trends.