The Internet Technical Advisory Committee (ITAC) to the OECD brings together the counsel and expertise of technically focused organizations, in a decentralized and networked approach to policy formulation for the Internet economy. The main purpose of ITAC is to contribute constructively to Internet-related policies developed in the OECD. It mostly contributes to the work of the OECD Committee on Digital Economy Policy (CDEP) and its specific working parties such as the Working Party on Communications and Infrastructure Services Policy (CISP) and the Working Party on Security and Privacy in the Digital Economy (SPDE).
On 21 June 2016 after the conclusion of the ITAC Forum in Cancun, Mexico, the following messages were published.
Key messages to the OECD Ministerial on the Digital Economy 20-23 June 2016, Cancun, Mexico
About the Internet technical community
- The Internet technical community is an indispensable stakeholder and significant contributor to the global Internet governance dialogue. The organizations and individuals in this community have had over four decades of cumulative experience in creating, improving, deploying, and managing the Internet in almost all countries of the world.
- We share a common culture that is grounded in a clear understanding of the unique technical characteristics of the Internet.These characteristics are essential to the Internet’s past, present, and future success as a platform for advancing the economic and social well-being of all of its users.
- The principles that have promoted and sustained the development of the Internetsince its inception — the open and inclusive process for developing Internet protocols and standards, the impartial stewardship of Internet naming and addressing resources, and the decentralized cooperation and collaboration of network operators around the globe — are the Internet technical community’s critical contribution to debates on Internet governance and the future of the Internet economy.
Policies for a trusted Internet
- The most successful Internet policies enhance and are built on the Internet’s unique properties such as information-sharing, global reach and secure communication, resilience and its ability to enable collaboration and innovation at the edges.
- Some government decisions about the Internet are coloured by fear, distrust and uncertainty. Cyber strategies that focus on reaching “absolute security” risk closing countries off from its greatest benefits; openness, innovation and growth.
- Participation in the global digital economy means global interdependence and trust. Though they might at first seem to be vulnerabilities, the global interdependence and trust the Internet is built on are its greatest strengths and the source of its economic and social benefits.
- Policy-makers (whether domestic, regional or global) face a choice between two different paths forward. One path leads to an open, trusted, multistakeholder Internet and all the social and economic benefits it brings, while the other path leads to an untrusted and increasingly fragmented network that fails to drive growth and remains vulnerable to threats from outside. One path leads to opportunity, the other to stagnation. The key is trust, and how to sustain the Internet as a fundamentally vibrant and trusted space.
- There will always be risks and downsides to an open network – malicious actors will find ways to exploit vulnerabilities; and technologies and capabilities we develop to improve one part of life may impact another. But threats can be mitigated, risks and information distributed, weaknesses shared and repaired. The network’s very openness contains the means to protect it.
Multistakeholder policy solutions
- The Internet evolved within and alongside a system of multistakeholder governance where those affected by decisions have the opportunity to be part of them.
- All stakeholders share a collective responsibility for the continued vitality of the Internet and the benefits it brings our societies and the global economy.
- Building and sustaining a trusted Internet means different types of players – with different roles and responsibilities – need to take action, closest to where the issues are occurring.
- The Internet’s governance reflects the Internet itself; open, distributed, interconnected and transnational. Just as the Internet is interoperable, so are its governing parts.
Key priorities for the future of the digital economy
- Expanding Connectivity: Access to the Internet offers unprecedented opportunities to bridge economic and social divides. However, more than half the world’s population is not yet online. To expand global connectivity, and to improve affordability and accessibility, it is crucially important to harness the full benefits of the Internet as a platform for the digital economy driven by innovations at its edges. The goal has to be a policy environment conducive to private sector investments and competitive markets, one that supports the global adoption of Internet Protocol version 6 (IPv6) in order to extend the Internet address space, as well as the development of local content, not least through the introduction of International Domain Names (IDNs) and Internet Exchange Points (IXPs).
- Preserving the Open Internet: Global interoperability and preservation of the Internet’s end-to-end principle, where each node in the network can reach all other nodes in the world through a free flow of information, must be protected to ensure its utility as a platform for connecting people, and thus for education, innovation, creativity and economic opportunity. The use of open standards and principles of permissionless innovation at the edges of the network must be protected to ensure the Internet’s continued development as a general-purpose technology to benefit all stakeholders. Neither government regulation nor economic monopolies should delay or prevent the continued development of the Internet trough anti-competitive behavior.
- Ensuring trusted technologies: The continued growth of the digital economy is dependent on users and businesses knowledge that security and other policy objectives do not hurt their privacy expectations, online identities and fundamental rights. This trust can only be ensured through collaborative solutions, and by making multistakeholder participation the norm in all aspects of the Internet’s governance. It requires a legal environment that obliges, but also enables companies to support users rights, as well as a strengthening of the users’ understanding of the importance of security, and the skills needed to protect themselves and other users. Fostering the adoption of security protocols and standards developed in a bottom-up process, such as the DNS Security standard (DNSSEC) is also necessary.
- Strengthening the skills of users and workers: The sustainable development of the digital economy can only be achieved through strengthening the required skills of users and workers. Digital literacy, and the inclusion of ICTs in education and trainings, must be the norm in formulating capacity building policies in the future economy characterized by cross-sectoral digitalization – including targeted efforts for women, youth, and persons with disabilities.
The following is a statement by Laurent Liscia, CEO of OASIS and spokesperson for ITAC during the press conference following the OECD Ministerial Meeting’s Stakeholder Day.
“First, let me name a few highlights among the 9 principles the OECD Ministers agree on:
- Support the free flow of information
- Increase broadband connectivity and harness the potential of interconnected and converged infrastructures and digital services
- Embrace the opportunities arising from emerging technologies and applications
- Promote digital security risk management and the protection of privacy at the highest level of leadership
By: Government Engagement Group, ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN) was formed in 1998. Then there were about 150 million global Internet users, and only 7 Generic Top Level Domains (gTLDs). Today there are more than 3 billion Internet users, with at least 300 gTLDs (many of them offering names in non-Latin scripts) by the end of 2014.
By Adiel Akplogan, CEO, AFRINIC
The African Network Information Centre (AFRINIC) is the Regional Internet Registry (RIR) for Africa and the Indian Ocean region. Aside from distributing IPv4, IPv6 and Autonomous System Numbers (ASNs) to 56 economies in its service region, AFRINIC plays a leading role in capacity building initiatives, including technical training, supporting infrastructure and technology development, community outreach and engagement activities.
By Christine Runnegar, Director, Public Policy , Internet Society
2013 marks the 33rd anniversary of the OECD Privacy Guidelines. It is also the year that the OECD adopted the Revised Privacy Guidelines. Much has changed in 33 years. Even the OECD has changed in that time. Since 1980, the OECD community has grown to include new members: Chile, Czech Republic, Estonia, Hungary, Israel, South Korea, Mexico, Poland, Slovakia, Slovenia; and two new advisory committees: CSISAC and ITAC.
In 2010, the OECD recognised that it was time to revisit the Guidelines, and after careful research and consideration as to how the privacy landscape has evolved, consultation with privacy experts, and thorough deliberation, the OECD adopted the Revised Privacy Guidelines in 2013.
How have the Guidelines evolved?
A new part has been added explaining how the “Accountability Principle” should be implemented. In particular, the Guidelines provide that data controllers should have in place a privacy management programme, be prepared to demonstrate that their respective privacy management programmes are appropriate, and provide notifications of significant data breaches. Additionally, the guidelines make it clear that the data controller remains accountable without regard to the data’s location.
Accountability-based approaches to legal compliance are likely to continue to gain popularity as they offer the potential of a more flexible approach, as well as a way to bridge diverse legal regimes and shift the resource burden from enforcement to compliance.
The changes to the principles governing transborder data flows seem subtle, but they are significant. Firstly, they now cover flows to non-OECD member countries. Secondly, although the text is still framed as “refrain from restricting transborder flows of personal data” the circumstances in which flows are not restricted are, arguably, narrower. Member countries now need to be satisfied that the recipient substantially observes the guidelines or that sufficient safeguards exist before they refrain from restricting transborder data flows. However, the restrictions that may be imposed have been confined by the introduction of a requirement that they be proportionate to the risks presented. How this works in practice remains to be seen.
The revisions regarding national implementation reflect the changing perspective on how best to achieve privacy protection. For example, they underline the importance of effective enforcement authorities. They also introduce the notion of a national privacy strategy and the idea of complementary measures such as the promotion of privacy-protecting technical measures.
International cooperation has been expanded to specifically incorporate the concept of “interoperability”, strengthen cross-border enforcement cooperation, and encourage the development of internationally comparable metrics.
One significant area that remains essentially untouched is “exceptions” (including, for national security). With different timing, this might not have been the case. However, as it presently stands, the guidance is minimal, i.e. that exceptions to the Guidelines should be: “as few as possible” and “made known to the public”. It is abundantly clear that more work is needed to ensure that there are truly effective constraints and safeguards, plus a commitment to follow them. Here is a clear opportunity for the OECD to lead the way.
 The Evolving Privacy Landscape: 30 Years After the OECD Privacy Guidelines
 See OECD Revised Privacy Guidelines, Part 3
 See OECD Revised Privacy Guidelines, Part 4, paragraph 16
 See OECD Revised Privacy Guidelines, Part 4, paragraph 17
 taking into account the sensitivity of the data, and the purpose and context of the processing. See OECD Revised Privacy Guidelines, Part 4, paragraph 18
 See OECD Revised Privacy Guidelines, Part 5, paragraph 19
 See OECD Revised Privacy Guidelines, Part 5, paragraphs 20-22
 See OECD Revised Privacy Guidelines, Part 1, paragraph 4
Christine Runnegar is Director, Public Policy at the Internet Society, based in Geneva, Switzerland. Her current areas of interest include online privacy, security and identity. Christine contributes to the OECD’s work on privacy through the Internet Technical Advisory Committee (ITAC) and APEC’s work on the Cross Border Privacy Rules (CBPR) System through the APEC ECSG Data Privacy Sub-Group (DPS). She also participates in the Internet Architecture Board (IAB) Privacy Program, co-chairs the W3C Privacy Interest Group (PING), and works closely with other Internet technical experts on privacy and provenance. Christine also led the pilot Internet Society Copyright Working Group and the development of the Internet Society’s paper entitled Perspectives on Policy Responses to Online Copyright Infringement – An Evolving Policy Landscape.
Prior to joining the Internet Society in 2009, Christine was a Senior Executive Lawyer employed by the Australian Government Solicitor. As a lawyer for the Australian government, Christine worked in a variety of areas, principally in competition and consumer protection law, but also in administrative law, taxation law, privacy and freedom of information law, corporate regulation and commercial law, information technology, and communications law (specifically anti-spam law).
Christine holds Bachelor degrees in Law and Economics, and is a qualified arbitrator and mediator. She is qualified to serve as a panellist to resolve .au domain name disputes under the .au Dispute Resolution Policy.