New York Times Stirs Debate over EU vs. US Privacy Commitment
As pressure grows for technology companies like Apple and Google to adjust how their phones and devices gather data, Europe seems to be where the new rules are being determined.
After detailing some of the recent activities of Data Protection Authorities in the EU concerning location privacy, the article crticized the US framework:
In the United States, there is no single agency dedicated to privacy, and while the Federal Trade Commission and the Federal Communications Commission can deal with violations of privacy, those agencies are mainly focused on enforcing fair business practices.
In response, Christopher Wolf, Co-Director of the Hogan Lovells Privacy and Information Management practice wrote a Letter to the Editor, which was published today by the New York Times. Chris said that last week's article "leaves the impression that privacy is less of a policy concern in the United States than it is in the European Union." He went on to respond
There has also been an intense focus on protection of consumer data on Capitol Hill, in the agencies and in the media. Privacy is just as much an American concern as it is a European one. Our approach to how best to achieve privacy for personal data may differ from that of our European colleagues, but our commitment is equal.
Chris also cited the recent Bamberger/Mulligan study, "Privacy on the Books and on the Ground" in support of the proposition that privacy protection is robust in the United States:
A recent study by two professors at the University of California at Berkeley presented a different picture [than that in the Times article]. The combination of aggressive privacy and data security enforcement by the Federal Trade Commission, the existence of data security breach notification laws across the country and the appointment of chief privacy officers in many institutions have led to a much stronger American privacy framework than ever before.
Another Letter to the Editor in response to the Times privacy story was that of Mark Rotenberg, Executive Director fo the Electronic Privacy Information Center in which Mr. Rotenberg observed:
It is hardly surprising that Europe is taking the lead; the United States has been slow to update its privacy laws... It would be tempting for American policy makers to say that privacy concerns are unique to Europe. But the better approach would be to understand the problems and begin to develop solutions.
In a week in which
- federal "Do Not Track" legislation is being introduced
- hearings on location privacy are being held in the US Senate, and
- the FTC obtained an agreement from "two companies that maintain large amounts of sensitive information about the employees of their business customers, including Social Security numbers,  to settle Federal Trade Commission charges that they failed to employ reasonable and appropriate security measures to protect the data,"
and in a year in which
- the Executive Branch for the first time expressed support for a "Privacy Bill of Rights", a comprehensive privacy law
- the FTC issued a draft Report proposing substantial changes for the protection of privacy,
- the Department of Commerce assumed a leading role in calling for new privacy protections,
- Senators Kerry and McCain, among others, proposed new legal protections for privacy,
- Industry self-regulation to provide greater privacy protections increased dramatically, amd
- the FTC proposed a consent decree with Google calling for a "Comprehensive Privacy Program,"
it does not appear that American policy makers consider privacy concerns either to be unique to Europe or that Europe is the only place where new rules are in focus.
Notably, a Data Protection Authority from the EU wrote in response to Chris' letter (requesting anonymity):
I have the similar view as yours after my visit to the US...IMHO aggressive NGOS + committed privacy officers within the agencies provide equal protection (but in a different way) as our - sometimes bureaucratic - "independent" agencies.
The issue of what approach to the protection of personal privacy is best is likely to persist. Hogan Lovells Practice Director Chris Wolf has been invited to (and will) participate in the "eG8 Forum," a two day forum on the future of the Internet to be held in Paris at the end of this month, organized by President Sarkozy of France in connection with the G8 Summit he is hosting. The gathering will be attended by international tech leaders. (Google chairman Eric Schmidt, Facebook COO Sheryl Sandberg and Wikipedia founder Jimmy Wales are reportedly planning to participate.) A main focus of the event is the Internet and Privacy.
At the eG8 program, Chris plans to emphasize the points made in his Letter to the Editor of the Times, that there is "the convergence in international standards of privacy" and he will work to eliminate the "impression that privacy is less of a policy concern in the United States than it is in the European Union." To that end, Chris will work to promote greater international cooperation and harmonization of approaches to the protection of personal privacy.
Please join us for our April 2016 Privacy and Cybersecurity Events.