In his keynote speech to the 1999 International Conference of Data Protection and Privacy Commissioners in Hong Kong Australian High Court Justice Michael Kirby, stressed the need for new privacy principles apt to contemporary technology. This remark was an incentive for the International Working Group to consider which principles could be essential for international (or national) agreements regarding the specific problems of telecommunications privacy in the information society.

The following text is a first attempt to resume the actual discussion and transform their results into principles which could be either integrated in existing agreements or be adopted as a separate document. They encompass ideas Justice Kirby presented himself in his speech.

Ten Commandments to protect Privacy in the Internet World

Informational Separation of Powers: Network and Service Providers must not intercept or interfere with any contents except where explicit law requires it. Insofar as Network or Service Providers provide contents themselves, responsibilities for the respective functions have to be separated.

Telecommunications Secrecy: Network and Service Providers must not disclose any information on contents or data traffic except for the purposes of telecommunications or where explicit law requires it.

Data Austerity: Telecommunications infrastructure has to be designed in a way that as few personal data are used to run the networks and services as technically possible.

Right to Anonymity: Network and Service Providers have to offer to any user the option to use the network or to access the services anonymously or using a pseudonym. Pseudonyms which are used for this reason must not be revealed except where explicit law requires it.

Virtual Right to be Alone: Nobody must be forced to let his or her personal data be published in directories or other indices. Every user has to be given the right to object to his or her data being collected by a search engine or other agents. Every user has to be given the right and the technical means to prevent the intrusion of external software into his own devices.

Right to Security: Every user has to be given the right and the technical means to communicate his contents confidentially by using suitable methods such as encryption.

Restriction on Secondary Use: Traffic data must not be used for other purposes than those which are necessary to run the networks or services without explicit consent of the user.

Transparency: Network and Service Providers have to publish in a reasonable way all necessary explanations that is necessary for users to recognise the structure of the network or service, the respective responsibilities, the amount of personal data being processed, and the planned disclosure.

Access to personal data: Every user has to be given the individual right to be informed on all personal data which are processed about him or her to run the network or service on-line.

International Complaints Resolution: Facing the international aspects of all network and service activities every user has to be given the right to complain to an authority with transborder powers of investigation and enforcement if national legislation is not sufficient to guarantee his or her rights.

The Working Group calls upon international organisations and public and private agencies to incorporate these principles into their policies and regulatory framework.