The OECD has published their 386 page "Privacy Online" report. Definitely not bedtime reading but could have important policy implications. It's based on an OECD ministerial declaration from 1998 on the "Protection of Privacy on Global Networks" with the objective of ensuring "the effective protection of privacy and personal data as well as the continued transborder flow of personal data on global networks."

You could be forgiven for going "Pardon?" at that point.

Chapter 3, pages 27 - 35 gives the meat of the guidelines.

Legislation and self regulation each have advantages and disadvantages etc. OECD work suggests a mix of the two is best etc. Involvement of all is the key etc. OECD member countries should:

Ensure organisations adoption of privacy policies through internal review and linking to OECD site.

Ensure organisations post privacy policies online by encouraging them to do so and auditing them.

Ensure availability of enforcement and redress mechanisms in case of breach of privacy policies by encouraging the use of online alternative dispute mechanisms and actively fostering compliance with privacy policies by raising organisations' awareness..."

Sorry folks but I stopped at that point. This document does not actually appear to be saying anything at all about privacy or information flows in practice. Some people I have a great deal of respect for, like Ian Lloyd at the University of Strathclyde, are noted as having been involved in its production, so I'm sure there is more to it than the first 30 pages appear to promise (Prof Lloyd is mentioned re Chpt 14) but I'm going to allow somebody else to do the leg work on extracting the relevant information.