An American Quilt of Privacy Laws, Incomplete

Share with others:


Print Email Read Later

WE don't need a new platform. We just need to rebrand.

That was the message of a report from the Republican Party a few weeks ago on how to win future presidential elections.

It's also the strategy that Peter Fleischer, the global privacy counsel at Google, recently proposed for the United States to win converts abroad to its legal model of data privacy protection. In a post on his personal blog, titled "We Need a Better, Simpler Narrative of U.S. Privacy Laws," he describes the divergent legal frameworks in the United States and Europe. 

The American system involves a patchwork of federal and state privacy laws that separately govern the use of personal details in spheres like patient billing, motor vehicle records, education and video rental records. The European Union, on the other hand, has one blanket data protection directive that lays out principles for how information about its citizens may be collected and used, no matter the industry.

Mr. Fleischer -- whose blog notes that it reflects his personal views, not his employer's -- is a proponent of the patchwork system because, he writes, it offers multilayered protection for Americans. The problem with it, he argues, is that it doesn't lend itself to simple storytelling.

"Europe's privacy narrative is simple and appealing," Mr. Fleischer wrote in mid-March. If the United States wants to foster trust in American companies operating abroad, he added, it "has to figure out how to explain its privacy laws on a global stage."

Other technology experts, however, view the patchwork quilt of American privacy laws as more of a macramé arrangement -- with serious gaps in consumer protection, particularly when it comes to data collection online. Congress should enact a baseline consumer privacy law, says Leslie Harris, the president of the Center for Democracy and Technology, a public policy group that promotes Internet freedom.

"I don't think this fight is about branding," Ms. Harris says. "We've been trying to get a comprehensive privacy law for over a decade, a law that would work for today and for technologies that we have not yet envisioned."

Many Americans are aware that stores, Web sites, apps, ad networks, loyalty card programs and so on collect and analyze details about their purchases, activities and interests -- online and off. Last year, both the United States and the European Union proposed to give their citizens greater control over such commercial data-mining.

If the American side now appears to be losing the public relations battle, as Mr. Fleischer suggested, it may be because Europe has forged ahead with its project to modernize data protection. When officials of the United States and the European Union start work on a free trade agreement in the coming months, the trans-Atlantic privacy regulation divide is likely to be one of the sticking points, analysts say.

"We really are an outlier," says Christopher Calabrese, legislative counsel for privacy-related issues at the American Civil Liberties Union in Washington.

For the moment, officials on either side of the Atlantic seem to be operating at different speeds.

In January 2012, the European Commission proposed a new regulation that could give citizens in the E.U.'s 27 member states some legal powers that Americans now lack. These include the right to transfer text, photo and video files in usable formats from one online service provider to another. American consumers do not have such a national right to data portability, and have to depend on the largesse of companies like Google, which permits them to download their own YouTube videos or Picasa photo albums.

A month after Europe proposed to update its data protections, the Obama administration called on Congress to enact a "consumer privacy bill of rights" that would apply to industries not already covered by sectoral privacy laws. These could include data brokers, companies that collect details on an individual's likes, leisure pursuits, shopping habits, financial status, health interests and more.

The White House's blueprint for legislation, for example, would give Americans the right to some control over how their personal data is used, as well as the right to see and correct records that companies hold about them. The White House initiative broadened the historical American view of privacy as "the right to be let alone" -- a definition put forward by Louis Brandeis and Samuel Warren in 1890 -- to a more modern concept of privacy as the right to commercial data control.

"We can't wait," a post on the White House blog effused at the time.

A year later, the data protection regulation proposed by the European Commission has been vetted by a number of regulators and committees of the European Parliament. The document now has several thousand amendments, some developed in response to American trade groups that had complained that certain provisions could hinder innovation and impede digital free trade. Peter Hustinx, the European data protection supervisor, said last Wednesday that European officials hoped to enact the law by next spring.

In the United States, by contrast, a year after the Obama administration introduced the notion of a consumer privacy bill of rights, a draft has yet to be completed, let alone made public.

Cameron F. Kerry, the general counsel of the Commerce Department and the official overseeing the privacy effort, was not available to comment last week. In a phone interview in January, however, Mr. Kerry said that the agency was working on legislative language to carry out the White House's plan.

"The idea is to have baseline privacy protections for those areas not covered today by sectoral regimes," Mr. Kerry said. He added: "We think it is important to do it in a way that allows for flexibility, that allows for innovation, and is not overly prescriptive."

Chris Gaither, a Google spokesman, said his company was "engaging on important issues" like security breach notification and declined to comment on consumer privacy legislation. But at least some American technology companies suggest that a baseline privacy law could benefit both consumers and companies. In a statement last year, Microsoft said national privacy legislation could help ensure "that all businesses are using, storing and sharing data in responsible ways."

With stronger European data rights and trade negotiations pending, Ms. Harris, of the Center for Democracy and Technology, says Congress may feel pressure to pass privacy legislation. That would represent a big change for American consumers as well as a better privacy sound bite abroad.

"We either have to enact our own law or we are going to have to comply with other countries' laws," Ms. Harris says. "But doing nothing may no longer be the answer."

E-mail: slipstream@nytimes.com.

interact

This article originally appeared in The New York Times.


Advertisement
Advertisement
Advertisement

You have 2 remaining free articles this month

Try unlimited digital access

If you are an existing subscriber,
link your account for free access. Start here

You’ve reached the limit of free articles this month.

To continue unlimited reading

If you are an existing subscriber,
link your account for free access. Start here