Despite Capitol Hill continuing to dominate news headlines regarding data privacy, the work and policy proposals pending from the Obama Administration and the European Commission are more significant at this time.
Here in the U.S., both the Federal Trade Commission and the Dept. of Commerce are readying to release their long-awaited reports on Commercial Data Privacy, seeking to conclude parallel processes launched in late 2010. The Commerce Report will echo the Administration’s call for legislation to provide for baseline privacy regulation, and to propose a framework for establishing a voluntary codes of conduct to be developed through a multi-stakeholder process, specifying how these basic principles should be implemented for a specific industry sector. A promise to abide by the code would be enforceable by the FTC.
On the other side of the Atlantic, the EU is working on revising the EU Data Protection Directive, with proposed revisions expected to be released in the first quarter of 2012. Key issues under consideration include the so-called “right to be forgotten,” “privacy by design” and an accountability framework.
The accountability framework is the way in which the EC is proposing to relax restrictions on cross-border data flows. Instead of further attempts to clarify what an “adequate” legal framework for privacy might be, the proposed EU directive would look to representations by companies regarding their privacy practices. This might create substantial efficiencies compared to negotiating separate arrangements with data protection authorities. The U.S. Government is actively talking with their EU Commission and national officials to move this accountability framework from concept to practical implementation.
Meanwhile, there is not a consistent understanding of what would be required for implementation of the mandatory opt-in consent for cookies. This is already part of the EU ePrivacy Directive, but it has not been implemented by most EU countries.
For a more detailed report on US and EU privacy, visit the recent SIIA policy update.
David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.