igforum.bio
/
public-comments-january-2011-regarding-information-privacy-and-innovation-in-the-internet-economy-world-privacy-forum
-
144679
L
% Public Comments January 2011 – Regarding Information Privacy and Innovation in the Internet Economy World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics
Comments of the World Privacy Forum
visibility
194 views
thumb_up
19 likes
M
Department of Commerce Regarding Information Privacy and Innovation in the Internet Economy, RIN 0660-XA22 Via email to [email protected]
Office of the Secretary
National Telecommunications and Information Administration
US Department of Commerce
1401 Constitution Ave., NW
Room 4725
Washington DC 20230
National Telecommunications and Information Administration
US Department of Commerce
1401 Constitution Ave., NW
Room 4725
Washington DC 20230
Re RIN 0660-XA22 Federal Register December 21 2010 Volume 75 Number 244 Page 80042-80044
January 28, 2011 The World Privacy Forum is pleased to have this opportunity to comment on the Green Paper of the Department of Commerce Internet Policy Task Force titled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. (URL: http://www.commerce.gov/sites/default/files/documents/2010/december/iptf-privacy-green- paper.pdf).
thumb_up
14 likes
N
The World Privacy Forum is a non-profit, non-partisan public interest research group that focuses on analysis and research of privacy issues, including issues relating to health care privacy, technology, and online/offline data privacy. More information on our work may be found at http://www.worldprivacyforum.org.
1 The Department of Commerce s Safe Harbor Framework
The Department’s green paper discusses the Department of Commerce’s activities regarding the US and EU Safe Harbor Framework.
thumb_up
5 likes
J
On page 44, the paper states: The approach taken to resolve issues between the United States and the European Union (EU) when the EU passed its Data Protection Directive in 1995 illustrates how safe harbors have been successful. *** It is widely regarded as a successful option for bridging the divide between the different approaches to privacy protection between the United States and the EU when it comes to cross-border transfers for commercial purposes.
thumb_up
45 likes
J
It is difficult to understand how anyone, including the Department, can use the word successful to describe its Safe Harbor Framework. A month before the paper’s release, the World Privacy Forum released a report The US Department of Commerce and International Privacy Activities: Indifference and Neglect (Nov.
thumb_up
33 likes
C
22, 2010). We reproduce here the findings of the WPF report that specifically pertain to the Safe Harbor Framework: The Department of Commerce’s actions on international privacy matters have often been characterized by highly visible but ineffectively administered programs that lack rigor. As this report discusses, three separate studies show that many and perhaps most Safe Harbor participants do not comply with their obligations under the Safe Harbor Framework.
thumb_up
33 likes
A
The Department of Commerce has thus far carried out its functions regarding the Safe Harbor program without ensuring that organizations claiming to comply with the Safe Harbor requirements are actually doing so. There is no evidence that the Department of Commerce has conducted any type of audit or significant review of the Safe Harbor Framework since the program began in 2000. If there has been an audit or review, it has not been made public in any meaningful way.
thumb_up
45 likes
E
Any substantive shortcomings of the Safe Harbor Framework are the joint responsibility of the Department of Commerce and the European Union and as such are beyond the scope of this report. The European Commission ordered two studies of Safe Harbor, but took no significant action based on the consistent and critical findings of the studies. A third and more recent study confirmed that serious problems continue to exist with Safe Harbor compliance by US organizations.
thumb_up
36 likes
G
It is apparent from these studies that the Department of Commerce has not done enough to fully carry out its Safe Harbor responsibilities. The Department of Commerce’s failure to demand compliance with Safe Harbor requirements has so undermined the value of the program that some European data protection authorities are no longer willing to rely on a participating organization’s self-certification as reflected on the Department of Commerce’s Safe Harbor website. The three studies cited in these findings were conducted in 2001, 2004, and 2008.
thumb_up
5 likes
A
The findings of all studies are remarkably similar, showing that many and perhaps most participants in the Safe Harbor Framework do not comply with their commitments and that compliance has been a problem since the beginning of the Safe Harbor Framework. The WPF report also discusses more recent activities. In April 2010, a working group of the German federal and state data protection authorities told businesses that export data from Germany to the United States that a data exporter may not rely on Safe Harbor self-certification and must instead verify whether a US data importer actually complies with the Safe Harbor requirements.
thumb_up
12 likes
C
In other words, the Safe Harbor Framework is no longer recognized in Germany. To summarize, the Safe Harbor Framework has been consistently criticized for a widespread lack of compliance by participants with the requirements of the Safe Harbor, and the entire Safe Harbor Framework has now been rejected by the data protection authorities of a major European country.
thumb_up
8 likes
E
By what measure can the Department assert that the Safe Harbor Framework is a success? We are afraid that the answer to this question reveals the mindset of the Department.
thumb_up
40 likes
S
The US- EU Safe Harbor Framework was not successful in achieving its stated goals. It was not successful in achieving better privacy protections for personal information exported to the US from Europe. The US-EU Safe Harbor Framework was successful only by one measure.
thumb_up
22 likes
H
It succeeded for a time in papering over a significant privacy problem that had the potential to disrupt international trade. In our view, both the US and the EU showed indifference to the protection of personal privacy and acted jointly to provide a cover for business as usual for international trade. The Department of Commerce could have forced companies in the Safe Harbor Framework to comply with the requirements, but the Department did not do so.
thumb_up
39 likes
E
What is most troubling here is the Green Paper’s proposal to build on the supposed success of the Safe Harbor Framework in encouraging the development of voluntary, enforceable privacy codes of conduct in specific industries under the direction of a new privacy office at the Department of Commerce. If the failed Safe Harbor Framework is the model for further voluntary actions on the part of industry, then we have to question the sincerity of this new effort at privacy protection.
thumb_up
49 likes
I
Is this new effort to serve the same ends as the Safe Harbor Framework? Is the real purpose to paper over the issues and kick the problem down the road rather than deal fairly with the privacy needs and interests of American consumers? We draw a different conclusion from the 2000 US-EU Safe Harbor Framework than articulated in the Green Paper.
thumb_up
8 likes
L
There has been a series of other self-regulatory activities for privacy by US businesses. They include the Online Privacy Alliance, the Better Business Bureau’s Online Privacy Program, the Individual Reference Service Group (IRSG), the Privacy Leadership Initiative, the Network Advertising Initiative [1], and the Platform for Privacy Preferences (P3P).
thumb_up
43 likes
E
Every single one of these activities has failed to sustain any meaningful privacy for consumers. Not all, but most of these activities have disappeared altogether.
thumb_up
38 likes
Z
These privacy self-regulatory activities continued only as long as regulators or legislators were actively threatening to take action, and when the threats lessened, the self-regulatory efforts also tended to evaporate. The Safe Harbor Framework continues, but the program in its current state is inert in many important respects. The Department of Commerce should take an honest look at privacy self-regulation and should confront the shortcomings that have consistently characterized American self-regulatory activities.
thumb_up
50 likes
J
The Safe Harbor Framework’s failures are obvious to everyone who has looked squarely at the program. If the Department cannot confront its own shortcomings in the privacy arena, admit its own failures, and institute improvements, then there is little hope that the Department can fairly and usefully supervise any privacy self-regulatory program, convince consumers that the Department can be an honest broker, or show the rest of the world that American businesses can be trusted to provide consumer privacy protections with legally enforceable rules.
thumb_up
1 likes
L
Another finding of the WPF report was that consumers in the United States and elsewhere cannot reasonably expect the Department of Commerce to pay much, if any, attention to their privacy interests. The Green Paper offers nothing to change this conclusion.
thumb_up
45 likes
D
A Department that calls its Safe Harbor Framework a success without any recognition of its shortcomings cannot expect consumers to accept new claims from the Department that it will work fairly to address consumer privacy concerns.
2 The proposed stakeholder process lacks rigor and definition
One of the principal recommendations of the Green Paper is for voluntary, enforceable codes of Conduct, a phrase repeated a dozen times in the Paper. Specifically, the Green Paper recommends “legislation that would create a safe harbor for companies that adhere to appropriate voluntary, enforceable codes of conduct that have been developed through open, multi- stakeholder processes.” We have a few problems here.
thumb_up
15 likes
E
First, as discussed above, the historical record shows that privacy self-regulation by American business has been a consistent failure. The Department’s own Safe Harbor Framework might in fact be the poster child for privacy self-regulatory failure.
thumb_up
48 likes
I
The case for more self-regulation has not been unambiguously made, nor the case for Commerce Department supervision of this process. The Green Paper fails to acknowledge adequately the problems with privacy self-regulation, hoping instead that the current industry programs will magically be different from those that came before.
thumb_up
39 likes
M
Like Charlie Brown, the Department recommends charging ahead to kick the self-regulatory football notwithstanding the consistent pattern of past failures. The Green Paper assumes that a self-regulatory program operating today will continue in the future, when evidence demonstrates otherwise.
thumb_up
41 likes
W
Second, we wonder if the Green Paper authors spent enough time considering the reality of voluntary codes of conduct. How many codes of conduct would be necessary? This is a hard question to answer, but it could easily number in the dozens or conceivably even in the hundreds.
thumb_up
39 likes
E
The search engine industry may need its own code. Electronic mail providers may need their own code.
thumb_up
39 likes
R
Internet merchants would need a code. Social networking websites may need their own code and perhaps in multiple flavors depending on the audience and business models employed.
thumb_up
1 likes
E
Even if there were as few as a dozen codes, it is quite likely that a single business would have activities that fall within the domain of more than one code. The possibility of self- regulatory jurisdictional conflicts is both foreseeable and unaddressed in the Green Paper.
thumb_up
7 likes
A
It is too easy to support voluntary codes of conduct in the abstract without confronting how they would be structured and how they would operate. The reality will be much harder, and implementing codes of conduct could be as difficult or more difficult than substantive privacy legislation. How consumers will understand and live under multiple different codes of conduct is another difficult question that the Green Paper does not consider.
thumb_up
0 likes
E
Third, the recommendations put too many eggs in the FTC oversight and enforcement basket. Whether the FTC has done a good job with privacy oversight and enforcement is a question that we choose not to debate here, but we observe that a wide range of views on the FTC’s performance is readily available.
thumb_up
3 likes
S
Whether the FTC has the resources or willingness to undertake all of the activity, supervision, and enforcement that the Green Paper envisions is highly uncertain. More FTC activities in one area of its responsibility would likely mean less in other areas.
thumb_up
0 likes
V
Whether other consumer protection activities would disappear is unknown. It was a generous gesture for the Department to propose that it would fund a Privacy Office out of existing resources, but it seems that the Department also wants to impose on the FTC the same obligation to expend additional funds without considering the consequences.
thumb_up
10 likes
J
Fourth, the Green Paper ignores that the FTC has limited jurisdiction. Large sectors of the economy are beyond its powers. These include large parts of the health care, non-profit, and governmental sectors.
thumb_up
22 likes
E
Thus, the Green Paper’s ideas, if adopted, would leave large processors of personal information outside the scope of any new privacy rules or codes. It may be understandable that the Commerce Department primarily cares about commercial interests, but from the consumer perspective, the privacy problems are the same regardless of the regulatory status of the record keeper. The Department’s limited jurisdiction and perspective also suggest a reason why a privacy policy office within the Department will have too narrow a focus to be helpful to consumers facing real privacy problems in a complex world.
thumb_up
4 likes
E
Fifth, the Green Paper repeatedly proposes an open, multi-stakeholder process. The World Privacy Forum welcomes the notion of a multi-stakeholder process for developing privacy rules. Some of the failures of existing privacy self-regulatory activities are the result of a lack of participation by consumers.
thumb_up
38 likes
J
When self-regulation is controlled entirely by those being regulated – even if there is a cursory role for a regulatory or government agency – it is inevitable that self- regulation will lose rigor and fail. The only way for self-regulation to have a chance to help consumers and businesses is for there to be dynamic tension in the process.
thumb_up
5 likes
C
That tension will only be sustained by active participation by consumers. The Green Paper does not address how an open, multi-stakeholder process will function, who will participate, and what procedures will apply. We would like to begin the discussion of these process issues by suggesting that: 1) Consumer and business representation be equal in any multi-stakeholder process.
thumb_up
25 likes
H
2) Approval of consumer representatives must be a necessary element in any formal decisions, just as the approval of business will be necessary. 3) Consumers must select their own representatives through a process yet to be determined, and consumer representatives may not be designated or limited by business or government. 4) Consumer organization that require financial assistance to participate in the multi- stakeholder process should receive support for travel and other expenses (but not for staff support).
thumb_up
34 likes
S
5) Government agencies may participate in the process, but no agency may have a vote. 6) Participants in the process must chose their own rules and presiding officer.
thumb_up
36 likes
M
7) Certifiers of accountability with codes of conduct should be not-for-profit organizations that are wholly independent of business, consumers, and government. We note that in the Green Paper itself, in notable contrast to the FTC paper arising from its Privacy Roundtable series, the Department ignored a substantial number of privacy and civil liberty groups active in the privacy arena. If the Green Paper is a precursor to the stakeholder groups, then we have concerns about the fairness and equitability of the process.
thumb_up
41 likes
L
Respectfully submitted,
Pam Dixon
Executive Director,
World Privacy Forum
_________________________________ Endnotes [1] The NAI is currently undertaking work on a self-regulatory code of conduct for online behavioral advertising and for an enhanced notice icon. Whether these efforts will prove successful in the long-term remains to be seen because regulatory and legislative threats are significant today. The past may provide a clue to the future.
Executive Director,
World Privacy Forum
_________________________________ Endnotes [1] The NAI is currently undertaking work on a self-regulatory code of conduct for online behavioral advertising and for an enhanced notice icon. Whether these efforts will prove successful in the long-term remains to be seen because regulatory and legislative threats are significant today. The past may provide a clue to the future.
thumb_up
22 likes
M
In 2000, the NAI also undertook a major privacy self-regulatory effort. That effort was the subject of a 2007 World Privacy Forum Report titled THE NETWORK ADVERTISING INITIATIVE: Failing at Consumer Protection and at Self-Regulation, http://www.worldprivacyforum.org/pdf/WPF_NAI_report_Nov2_2007fs.pdf.
thumb_up
19 likes
M
The 2000 NAI effort failed by virtually every measure except one. It succeeded in “lulling regulators into thinking that self-regulation fairly and effectively addresses the interests of consumers who are the targets of behavioral advertising.” Id.
thumb_up
0 likes
N
Posted January 28, 2011 in NTIA Multistakeholder Process, Online Privacy, Public Comments, Safe Harbor (EU), U.S. Department of Commerce Next »WPF asks US Department of Commerce to make stakeholder process fair « PreviousWPF launches Facebook Page WPF updates and news CALENDAR EVENTS
WHO Constituency Meeting WPF co-chair
6 October 2022, VirtualOECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy
4 October 2022, Paris, France and virtualOECD Committee on Digital and Economic Policy fall meeting WPF participant
27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum·7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence... Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors.
thumb_up
46 likes
L
The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes.
thumb_up
30 likes
I
The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process. COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules.
thumb_up
0 likes
A
The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review.
thumb_up
23 likes
S
This report sets out the facts, identifies the issues, and proposes a roadmap for change.
thumb_up
7 likes
Similar Discussions
-
Who is kimmikka? Twitch streamer banned on Twitch for having s x on stream surges in popularity
-
Aspas Valorant settings 2022
-
Jupiter s Legacy Season 1 Ending Explained Breakdown The News Pocket
-
Unicall Universe Calls APK Download for Android
-
Mi Viaje PSN APK Download for Android
-
Gostop Combo APK Download for Android
-
Air Control APK Download for Android
-
Weather Clock APK Download for Android
-
Disparition d Herv Algalarrondo notre fr re en journalisme
-
Patrick Dewaere pourquoi Julien Clerc a t il adopt sa fille Ang le Herry ? Gala
-
Un policier d f r suite au d c s d un homme lors d un refus d obtemp rer
-
Por qu Marilyn Monroe es el cono m s incomprendido del mundo BBC News Mundo
-
Bird flu detected in Orange County
-
That s Not My Name Celebrities and When a Meme Is Over The Monitor Memes
-
As fue el encuentro entre Yolanda D az y Alberto N ez Feij o
-
MrBeast reveals why he paid $1 million for night at a hotel Dexerto
-
This Instagram Account Posts Punny Jokes And It s Every Dad s Internet Heaven 30 New Pics
-
Autumn Statement What to expect from George Osborne today
-
There is one easy thing you can do to be more attractive
-
How much money do you need to earn to be in the one per cent around the world?
-
The Peripheral Review Amazon s Confident Sci Fi Series Issues a Warning About the Future of Tech TV Guide
-
How to Fix Black Screen on Android Phones
-
How to Cast to Roku TV From Android
-
Our Favorite Products From CES 2021
-
How to Permanently Delete Emails in Outlook
-
Compare 2022 Hyundai Tucson vs Jeep Cherokee CarBuzz
-
The Chevy Corvette 70th Anniversary Edition Will Be Worth The Wait CarBuzz
-
BREAKING 2020 SEMA Show Officially Canceled CarBuzz
-
There s A 1 000 HP Italian SUV Coming CarBuzz
-
2010 Chrysler PT Cruiser Review Trims Specs Price New Interior Features Exterior Design and Specifications CarBuzz