Is there any reason to think that privacy self-regulation will work today when it did not work in the past? Privacy self-regulation done in the same way that it has been done in the past, without sufficient consumer participation, and with the same goals of simply evading real regulation and effective privacy controls will continue to fail.
The World Privacy Forum filed comments on the US Department of Commerce Green Paper today and urged the department to adopt a fair stakeholder input process that included consumers in a robust and meaningful way. WPF outlined seven specific steps for the department to take to ensure a fair process.
This report evaluates the US Department of Commerce’s international privacy programs, their efficacy, and their value to business and to consumers. The role of the Commerce Department has become more important in light of the Obama Administration’s establishment of a Subcommittee on Privacy and Internet Policy in October 2010. The Subcommittee is chaired jointly by the Department of Commerce and the Department of Justice, and it is intended to promote “individual privacy,” among other things. [1]
This report reviews, analyzes, and summarizes major international privacy activities of the Department of Commerce, with a focus on the Safe Harbor Framework established in 2000 with the European Union in response to the requirements of the EU Data Protection Directive. The report also considers briefly the Department’s work on the Asia Pacific Economic Cooperation (APEC) Privacy Framework.
The rise of privacy as an issue of international attention has taken place during the past forty years. Various agencies of the US Government have played roles on international privacy matters, including the State Department, Federal Trade Commission, Department of Homeland Security, Office of Management and Budget, the Department of Commerce, and scattered other agencies. The privacy activities of these agencies have waxed and waned over the decades. Of the US agencies, the US Federal Trade Commission has played by far the most significant role in consumer privacy issues, for example, identity theft, financial privacy, and a host of issues related to privacy and fair business practices. Historically, the Department of Justice, primarily a law enforcement agency, has never played a significant role in consumer privacy. Indeed, in its law enforcement capacity, the Justice Department is often directly antagonistic to the protection of consumer privacy.
The Department of Commerce’s actions on international privacy matters have often been characterized by highly visible but ineffectively administered programs that lack rigor. As this report discusses, three separate studies show that many and perhaps most Safe Harbor participants are not in compliance with their obligations under the Safe Harbor Framework. The Department of Commerce has thus far carried out its functions regarding the Safe Harbor program without ensuring that organizations claiming to comply with the Safe Harbor requirements are actually doing so.