The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.
Post on 27-Mar-2015
214 Views
Preview:
Transcript
“The United States, Privacy, and Data Protection”
Peter P. SwireDutch Embassy PresentationJanuary 19, 2001
Overview
The Inevitability of Societal Decisions on Privacy
Clinton Administration Actions A Look Ahead
E-mail attachment as the new metaphor From mainframe to the e-mail attachment 1970s and mainframes
– Worry about large, centralized databases– Fair Credit Reporting Act, 1970– Privacy Act of 1974– First European data protection laws
Changes to the 1990’s
Everyone has a mainframe -- laptop or desktop
Transfers are free, instantaneous, & global Usually change symbolized by the web Better image is the e-mail attachment
– Anyone to anyone– Can attach anything to an e-mail– The lived experience of almost all users
Inevitability of Societal Decisions about Privacy The lack of a status quo Examples:
– State public records– Medical records– Financial records– Internet records
The Lack of a Status Quo
Old reality:– Relatively few databases– Relatively few rules -- by law or industry
New reality:– Far more databases, with more detail– If few rules, then vastly greater data flows– If try to retain pre-existing privacy balance,
then will have many more rules
Public Records
Old reality (e.g., 20 years ago)– Legal openness, state open government laws– Practical obscurity -- cost and bother of going
to the courthouse for paper records New reality:
– Legal openness, except drivers’ records– Practical openness, far more intensive use– Bankruptcy and privacy study
Medical Records
What has changed:– Mostly paper to mostly electronic– Records held by large providers and plans, and
used for many management purposes Societal response:
– HHS medical privacy regulations
Financial Records
What has changed:– Level of detail -- from credit history to
transactional history– Industry convergence
Societal response– FCRA– Financial Modernization law 1999– Clinton Administration pushed for more
Internet Privacy
Old reality?– None.
“Inevitability of societal decisions”– Web sites– Online profiling– GUIDs– Etc. -- IPv6, links to offline, and so on
What are “Societal Decisions”?
Technology -- engineers in the company or standards organizations
Markets -- company decisions and contracts with business partners
Self-regulation Governmental rules Transborder rules -- Safe Harbor
Conclusion on “societal decisions” No status quo: can’t return to few databases
and few rules Number and velocity of privacy issues
increasing rapidly E-mail attachments: solutions must be
robust in a world of anyone-to-anyone transfers
II. Clinton Administration Privacy Policy
Support self-regulation generally– Applaud self-regulatory efforts
Sensitive categories deserve legal protection– Medical & Genetic– Financial & ID Theft– Children’s Online
Government should lead by example
Internet Privacy
Quantity of policies– 15% to 66% to 88% from 1998 to 2000
Quality of policies– Seek fair information practices
Major legislative push this year
Safe Harbor
Now approved by E.U. Self-regulation as a core achievement Lawful basis for trans-Atlantic data flows Streamlined registration Up for review in summer, 2001 Financial services not yet addressed
Medical Records Privacy
HIPAA 1996 called for legislation by 8/99 President announced proposed regs 10/99 Over 53,000 submissions of comments Final rules announced December, 2000 Take effect early 2003
Genetic Discrimination
February 8 Executive Order– Prohibits federal agencies from using genetic
information in hiring or promotion Call for legislation
– Daschle/Slaughter bills– Extend protections to private sector– Apply to purchase of health insurance
Children’s Online Privacy
Children’s Online Privacy Protection Act of 1998
FTC rules took effect 4/2000 Key is “verifiable parental consent”
Financial Privacy
Financial Modernization Act – Notice for 3d parties and affiliates– Opt out choice for 3d parties only– Significant enforcement provisions
Federal Databases
Privacy Act in place since 1974 Now, all agencies have privacy policies at
their major web sites Summer 2000 -- presumption against the
use of “cookies” at federal web sites Other OMB actions
III. LookingAhead
Bipartisan interest in privacy protections Republican focus especially on misuse in
the government sector Democrats more likely to favor regulation
of the private sector Growing realization, though, that data flows
between the sectors
The Bush Administration
Campaign statements similar to Clinton Administration approach:– Focus on sensitive medical and financial– Encourage self-regulation– But, comments by Bush himself suggested
more activist
Which U.S. Institutions will Lead? OMB -- traditional role for government
databases Larry Lindsay -- possible policy lead FTC -- independent agency has called for
Internet legislation Hard to imagine a new federal privacy
agency in medium term
Conclusion
U.S. has taken significant legal steps toward protecting most sensitive information
Ongoing debate of whether to expand to the Internet, or even off-line
Unclear what institutions would regulate in the area
Likely significant change within 5-10 years
top related