As Data Privacy Day rolls around again, there’s absolutely no shortage of people with a view to express on the topic. However, as one of my pet hates is the ‘blog post consisting of a list of unqualified URLs’, I’m going to be very selective, and couch my suggested hyperlinks in some explanatory text.
Is Data Privacy still a problem? After all, the US – to take one example – has had a Privacy Act since 1974. We must have cracked the problem by now, right?
Well, no, not quite. Stop by Privacy International’s recently-launched 2011 report on European Privacy and Human Rights and check out their interactive graphical assessment of European nations’ privacy performance against 17 sets of assessment criteria. If you cling to the belief that Europe is a bulwark of enlightened privacy law and regulation, prepare to be depressed.
Now, I know the US takes a very different approach to regulation and legislation, philosophically… so your next visit might be to Chris Hoofnagle’s thoughtful blog about how a decade of voluntary self-regulation has failed to result in either effective self-regulation or good privacy outcomes.
As well as the reasons Chris lucidly sets out, I think there’s another reason self-regulation is never going to produce satisfactory results in data privacy, and that is that the stakeholders are too diverse. Too many horses, if you’ll pardon the crudity, would have to pee at the same time. For instance, it’s no use if regulators and service providers agree a set of great privacy-enhancing technologies but the same things don’t then appear in mass-market browser technology.
Whether you think legislators should be leading the way here or not, there’s no doubt they intend to be seen to be doing something. Here, for example, are Neelie Kroes (Vice President of the European Commission) and Viviane Reding (EU Justice Commissioner) using the WEF to set out their strategies for Cloud Computing… and the related implications for privacy strategy.
All in all, a number of national and regional elements of the regulatory landscape are set to change over the coming months. Over at the Hawktalk blog, Chris Pounder reads the tea-leaves regarding the review of the EU Data Protection Directive.
For my part, I’ll be aiming to cast the net a bit wider and look at related changes such as:
- The OECD’s review of its 8 Privacy Principles
- The new privacy remit proposed for the US DoJ
- The FTC’s revisiting of the concepts of Notice and Consent
If you’d like to comment or contribute on any of those topics, please drop me a line, either via the Comments or by email.
Category: Uncategorized Tags: