Europeans lead U.S. in data protection policies

Data privacy protection as public policy is much further along in Europe than in the
United States, a fact evident at last month’s annual meeting of the International
Data Protection Commissioners in Spain. This year’s conference was the last before
Oct. 24—the effective date of the European Union’s data protection directive.


Many uncertainties remain about the directive’s scope, effect and implementation.
U.S. businesses fear that the directive will result in the prohibition of personal data
exports from Europe to the United States, with a resulting loss of jobs, business and
profits.


Ulf Bruhann, head of the data protection unit of Directorate-General XV of the European
Commission, tried to soothe such fears, calling sudden changes unlikely and cautioning
that it will take time for union member states to pass implementing legislation, and for
legislation to translate into regulations for data controllers. Bruhann said that the full
impact of the directive would be felt gradually. Still, he said, it will undoubtedly
transform the data protection landscape in Europe and elsewhere.


The United States had no official delegation at the conference. But a Japanese
delegation had a place at the table even though Japan, like the United States, does not
have a data protection office. No one seemed able to explain why Japan had a seat and the
United States did not. After some last-minute maneuvering, a U.S. representative was
permitted to speak, but the presentation was clumsy and not well-received.


The overall theme of the conference was technology and, in particular, the Internet. Most
panels touched on these issues in some way, and the commissioners have clearly brought
themselves up to speed on the implications of the ongoing technological revolution for data
protection.


For readers of GCN who are well versed in computer and electronic data issues, this may
come as a surprise. But for the data protection commissioners, this represents a
significant improvement from a few years ago when too many were technologically untutored.
One commissioner asserted that 56-bit encryption could be broken quickly, and another
announced the impending breaking of public-key encryption. Both pronouncements surprised
encryption experts in the audience.


Other presenters were right on the mark, however. One was Peter Hustinx from the
Netherlands, speaking on privacy implications of intelligent transportation systems. His
office has been right in the middle of figuring out how to address privacy while using new
highway technology, such as cameras that capture traffic offenders’ license plate
numbers.


Most countries—including those in Eastern Europe and Latin America—paying
attention to privacy today are following the lead of the union. Hong Kong and New Zealand
have passed union-style laws and Canada is drafting a new law right now.


The United States is increasingly isolated in the international privacy arena. Concern
that we will be left behind is one reason why the business community, the Clinton
administration and Congress have been paying more attention to privacy lately.


Of course, domestic concerns about privacy have also been increasing and fueling
interest. My perception, however, is that the union data protection directive has been the
main spur to recent privacy activity. In many respects, the United States remains the
world’s technology leader. We have no institutional way to assess the impact of
technology on privacy, however.


The United States does not have a privacy policy office, and privacy considerations are
often ignored or only raised at the last minute when new technologies are being deployed
by federal agencies. An important lesson from the Data Protection Commissioners’
meeting is that we can now benefit from the work being done in Europe on privacy and
technology.


I do not mean to suggest that the Europeans have resolved all the conflicts. They
struggle with the same problems we do. The existence of so many data protection offices
abroad increases the likelihood that help on privacy and technology issues may be found
somewhere. Anyone—including feds—dealing with privacy issues resulting from the
Internet, video surveillance, computer matching and other technology uses may be able to
learn from foreign experiences. If you can’t get help at home, it is certainly worth
looking abroad.  


Robert Gellman, former chief counsel to the House Government Operations
Subcommittee on Information, Justice, Transportation and Agriculture, is a Washington
privacy and information policy consultant. His e-mail address is rgellman@cais.com.
