Privacy Law in 2012: Where We Are and Where We Are Going

Don’t Blink: Challenging, Changing Data Privacy and Security Concerns for Lawyers, Businesses and Consumers

Privacy has never mattered more than it does today, said moderator Christopher Wolf of Washington, D.C., in introducing the Aug. 3 panel, “Privacy Law in 2012: Where We Are and Where We Are Going,” sponsored by the Section of Administrative Law and Regulatory Practice. Wolf leads Hogan Lovells’ privacy and information management practice, and co-chairs the Future of Privacy Forum, a think tank dedicated to responsible data practices and business-practice advances in consumer privacy.

The daily headlines in newspapers provide an indication of the variety and vast number of issues in the area of privacy and security, from challenges relative to web cookies and Facebook. Indeed, the Wall Street Journal features a series titled “What They Know” relating to Internet tracking technology and the privacy implications for consumers.

The ABA program covered such topics as a comparison between the privacy law framework in the United States and the European Union, enforcement of laws protecting privacy and data security breaches, best practices for companies and lawyers advising them, and training for the legal and business communities.

The United States and European Union have different perspectives regarding laws covering data breaches, said Thomas Smedinghoff, partner in the privacy and data protection practice group in the Chicago office of Edwards Wildman Palmer LLP. Whereas privacy is considered a fundamental right for Europeans generally, the United States has laws on more of an ad hoc basis based on particular sensitivities, such as in the areas of health care, child protections and phone data.

J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals, updated attendees on the European cookie directive that states that users of websites must provide informed consent that their information is being tracked (with some strict limitations). However, now that each member state is implementing laws to conform with the directive, that implementation is varying and is a “jump ball right now,” Hughes said.

The Federal Trade Commission is the national enforcer of privacy matters, explained FTC Commissioner Julie Brill. In March of 2012, the FTC released a final privacy report that provided best practices for the protection of consumers and provided guidance to inform policymakers. The report outlined the FTC’s plan to move forward with an easy-to-use, persistent, and effective “Do Not Track” system, working with the World Wide Web Consortium and the Digital Advertising Alliance in order to do so. The report, however, was not designed to be an enforcement tool, pointed out Brill.

Lori Andrews, a law professor and director of the Institute for Science, Law and Technology at ITT Chicago-Kent College of Law, expressed doubts as to whether some corporations truly want consumers to have their right to privacy, as the sale of personal data for marketing and other uses is a very profitable business. In addition to companies collecting information to target ads that users see, there is an arguable value proposition to the collection of information for certain sectors of business. For examples, insurance companies may surmise that an individual who has skydiving friends may engage in that behavior himself, and hence raise that person’s rates; while the credit rating of a woman who is contemplating divorce may get lowered because non-married women often are less well-off financially.

Technological issues as well as the voluntary nature of P3P, designed to remove the burden from the consumer through the use of machine reading for consumer preferences with respect to the types of information a consumer is comfortable with having tracked, remain as well, as Hughes and Brill discussed.

It is important for lawyers dealing with privacy matters to be “at the top of their game,” said Hughes, because of the breadth of issues as well as the changes occurring so rapidly, The IAPP’s website has a regularly updated Daily Dashboard of new stories on privacy issues that can help lawyers stay apprised of the evolving field. Ed Felten blogs at the FTC; and Hogan’s Chronicle of Data Protection blog also informs on privacy and security issues.