U.S., EU Web Privacy Regimes Converging

Is it the last stand for self-regulation? Top privacy officials from the United States and European Union describe efforts to harmonize policies, highlighting relative laxity of U.S. approach.

WASHINGTON -- European authorities have historically taken a tougher stance in imposing laws and regulations to protect consumer privacy than their U.S. counterparts, but senior officials from both sides of the Atlantic stressed on Thursday that they are working together to harmonize their respective policies in the age of borderless computing and multinational economic development.

Both the European Union and the United States are in the midst of wholesale reevaluations of their privacy regimes, with EU officials working under a November review order of the 1995 Privacy Directive, and U.S. executive agencies and lawmakers engaged in various stages of their own reviews and legislative initiatives.

"We're at a moment of such ferment in the European Union and the United States," Jim Halpert, a partner at the law firm DLA Piper, said in introductory remarks at a session here at a conference hosted by the International Association of Privacy Professionals.

Halpert was flanked by Federal Trade Commission Chairman Jon Leibowitz and Peter Hustinx, the European Data Protection Supervisor. Both officials acknowledged that the EU privacy regime is far more rigorous than U.S. policy, but Leibowitz signaled that the momentum both within his agency and elsewhere in Washington is pressing for more stringent controls that would, in part, bring the country closer in line with Europe.

"We are very focused at the FTC on formulating a true privacy framework and then of course bringing enforcement cases," Leibowitz said. "I see more convergence than divergence, and I think it's incumbent on all of us to use our comparable regimes to strike a balance, but one at a bedrock level that protects consumers' privacy."

Hustinx said he was encouraged by the report FTC staffers released in December, which emphasized the need for Web companies and others to incorporate privacy by design in new products and technologies, and to provide consumers with greater insight and choice into how their information is collected and used.

The FTC report, which floated the idea of a so-called do-not-track mechanism that would be incorporated into Web browsers to allow consumers to keep personal information out of the hands of advertisers, is only a preliminary stab at proposals for new safeguards, and, as a staff report, does not yet serve as official agency policy. But Leibowitz has broadly endorsed the report's recommendations, and Hustinx said he was encouraged at the emerging consensus among policy makers that industry self-regulation alone is not sufficient to protect consumers.

"What is more important is that we seem to be thinking in the same direction," he said. "Delivering this in practice is something I hope to see happen."

By the letter of U.S. law, however, the FTC cannot implement do-not-track or any other Web-specific measures in the report, even if it adopts them as formal policy recommendations. That would require an act of Congress, where competing proposals for new privacy safeguards are already emerging in the young session.

Rep. Jackie Speier (D-Calif.) introduced a bill that would direct the FTC to mandate and oversee a do-not-track mechanism. Meanwhile, last week Rep. Cliff Stearns (R-Fla.) announced plans to introduce a very different privacy bill that would rely heavily on the self-regulatory framework already in place, but aim to offer incentives for businesses to safeguard their customers' information, while granting the FTC limited oversight authority.

In the Senate, John Kerry (D-Mass.) and John McCain (R-Ariz.) have been working on their own bill, which could be introduced ahead of a hearing the Commerce Committee plans to hold on Web privacy next Wednesday. Kerry chairs the committee's Internet subcommittee, and has been leading a review of online privacy standards in the context of fair information practice laws.

"I think in the area of privacy, self-regulation is at a very critical point in the United States," Leibowitz said. "If companies don't do a better job of protecting consumer privacy, then I think what they will face is much more prescriptive regulations from Congress. Of course, as we all know, here in the United States, privacy is a very bipartisan issue."

Kenneth Corbin is an associate editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.