Saving the Safe Harbor: Commissioner Julie Brill to the Rescue!

At the EU Data Protection and Privacy Conference today in Brussels, FTC Commissioner Julie Brill delivered a powerful speech about the way the U.S. protects consumer privacy. Along the way she offered a strong defense of the U.S. Safe Harbor Framework for European privacy:

“In the commercial space, the Safe Harbor Framework facilitates the FTC’s ability to protect the privacy of EU consumers. Without the Safe Harbor, my job to protect EU consumers’ privacy, where appropriate, would be much harder. In an era where we face many threats to privacy, Safe Harbor has been an effective solution, not the problem.”

In the face of so many challenges to the Safe Harbor Framework coming from European public officials, this speech from a prominent U.S. consumer protection official is a crucial reminder of the importance of this cross-border framework for international privacy protection.

Her remarks are also notable for the clear distinction she makes between government surveillance and commercial privacy:

“The issue of the proper scope of government surveillance is a conversation that should happen – and will happen – on both sides of the Atlantic. But it is a conversation that should proceed outside of the commercial privacy context.”

As I’ve noted in previous blogs, the conflation of the two damages both the effort to protect citizens from intrusive government surveillance and the search for the right sort of fair information practices that provide for commercial enterprise, innovation and the preservation of consumer privacy. Commissioner Brill is exactly right when she insists on keeping these issues separate.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy

In the midst of Hill privacy buzz, Obama Administration and EU are moving forward

Despite Capitol Hill continuing to dominate news headlines regarding data privacy, the work and policy proposals pending from the Obama Administration and the European Commission are more significant at this time.

Here in the U.S., both the Federal Trade Commission and the Dept. of Commerce are preparing to release their long-awaited reports on Commercial Data Privacy, seeking to conclude parallel processes launched in late 2010. The Commerce Report will echo the Administration’s call for legislation to provide for baseline privacy regulation, and will propose a framework for establishing voluntary codes of conduct, developed through a multi-stakeholder process, that specify how these basic principles should be implemented for a specific industry sector. A promise to abide by the code would be enforceable by the FTC.

On the other side of the Atlantic, the EU is working on revising the EU Data Protection Directive, with proposed revisions expected to be released in the first quarter of 2012. Key issues under consideration include the so-called “right to be forgotten,” “privacy by design” and an accountability framework.

The accountability framework is the way in which the EC is proposing to relax restrictions on cross-border data flows. Instead of further attempts to clarify what an “adequate” legal framework for privacy might be, the proposed EU directive would look to representations by companies regarding their privacy practices. This might create substantial efficiencies compared to negotiating separate arrangements with data protection authorities. The U.S. Government is actively talking with EU Commission and national officials to move this accountability framework from concept to practical implementation.

Meanwhile, there is not a consistent understanding of what would be required for implementation of the mandatory opt-in consent for cookies. This is already part of the EU ePrivacy Directive, but it has not been implemented by most EU countries.

For a more detailed report on US and EU privacy, visit the recent SIIA policy update.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

SIIA Commends EU for Looking to Maximize Cloud Computing, Urges Caution and Focus on Trans-border Data Flow

On Wednesday, SIIA submitted comments to the European Commission’s (EC) cloud computing consultation, a public inquiry launched in May to develop a European cloud computing strategy that the Commission will present in 2012, which will “aim to clarify the legal conditions for the take-up of cloud computing in Europe, stimulate the development of a competitive European cloud industry and market, and facilitate the roll-out of innovative cloud computing services for citizens and businesses.” This is a laudable objective, and the EU should be commended for several aspects.

First, the EU is on track in recognizing the ability of cloud computing to spur growth by helping businesses reduce IT costs and level the playing field, especially for SMEs. Second, they’re looking to the public sector to utilize cloud computing to provide better services at lower cost. And they’ve rightly identified the need for open standards and interoperability to spur competition and choice.

However, as part of this initiative the EU is also looking to potentially make significant changes to current laws, and possibly create some new ones. It’s this area where SIIA urges caution. Consistent with the guidance we provided in our recent cloud computing white paper for policymakers, our comments urge caution in this area, with a particular emphasis on maintaining a level playing field for software and IT services, whether offered locally, via traditional externally-hosted services, or by utilizing “cloud computing.”

In our comments, we also highlighted the greatest current barrier to cloud adoption: the considerable challenges posed by issues surrounding transnational data flows, particularly the challenges associated with conflicts of law and jurisdiction within the EU and beyond. This is not an issue that is specific to cloud computing, but it has been exacerbated by it.

While we won’t know for some time which way the EU goes on this one, there was some more good news from EU VP Neelie Kroes earlier this week, when she announced at Dreamforce 2011 that former United States CIO Vivek Kundra, a strong advocate for government use of cloud computing, will serve as an advisor in helping develop Europe’s cloud computing strategy.