Concerns about data privacy are international
Everyone in the privacy world struggles with the same technology issues.
I recently attended the International Data Protection Commissioners meeting in Hong Kong. This eye-opening conference concentrated on surveillance, telecommunications, electronic commerce and cyberspace. Other conference subjects were public registers, law enforcement, freedom of information and privacy conflicts, and the news media.
Speakers from the United States had appeared at previous conferences, but this was the first year an official U.S. representative attended. Peter Swire, chief counselor for privacy at the Office of Management and Budget, was given observer status and permitted to attend the closed meeting of the commissioners.
Recognition of Swire was mildly controversial. Some commissioners opposed his attendance because of his limited authority and lack of independence. Others actively welcomed Swire's presence and thought that the advancement of his position should be recognized and encouraged. Appropriately, that view prevailed.
Swire did a credible job at the public session. He showed respect for data protection objectives and substantive knowledge about privacy. Swire also tried hard to put a good face on U.S. privacy activities. Swire usefully explained how the control of the White House, by one party, and the Congress, by another, can prevent passage of some administration initiatives. Reactions to Swire's presentation from the commissioners ranged from very positive to grudging acceptance.Data delay
The United States and the European Union Commission have been talking about data protection for quite a while. Under the EU data protection directive, which took effect about a year ago, the legality of personal data exports from Europe to the United States remains uncertain. The talks center on developing a safe harbor process that would permit qualifying U.S. companies to receive European data. The drawn-out negotiations were not a topic in the public part of the conference, but there were plenty of private discussions.
European data protection commissioners are unhappy about the safe harbor process. National authorities fear that the EU Commission will usurp their authority. The commission is faced with satisfying both the United States and the EU privacy regulators. That is not easy. Despite the continuing concern, I did not find anyone from Europe who was willing to predict that the safe harbor process would fail. On the other hand, I did not find anyone who thought that the process would produce anything meaningful, even if some agreement is achieved.
One of the most compelling reports on privacy and new technology came from Ann Cavoukian, the information and privacy commissioner for Ontario, which is, by the way, one of an ever-increasing number of provincial jurisdictions with privacy offices. That is in addition to national privacy offices. You'll find local offices in other Canadian provinces, Australia and throughout Germany. By contrast, the United States has fewer privacy officials than many such local jurisdictions.
Ontario decided a while ago to use biometrics to identify welfare recipients. The goal was to avoid double dipping, a not-unfamiliar problem in the United States. The Ontario privacy office worked with the government to address program and privacy needs at the same time. The result was a set of useful policies for regulating use of biometrics, which in this case are fingerprints.Northern biometrics
Standards cover the encryption of the biometric data, limit their use to the program's purpose, prevent reconstruction of the underlying fingerprint and call for destruction of the fingerprint once encrypted.
For papers on biometrics and privacy, as well as other interesting privacy and technology topics, visit the Ontario Commissioner's Web site, at www.ipc.on.ca. Anyone considering use of biometrics will find a visit to the site worthwhile.
Concern about technology is a constant privacy theme. On the first day of the conference, technology was a major local problem.
Technological failures or incompatibilities consistently interrupted presentations that required the use of Microsoft PowerPoint or other products. I began to wonder how much of a threat technology presents in practice. But my doubts disappeared on the second day when the computers and the presentations ran smoothly. So much for hoping that the computers will fail.Robert Gellman is a Washington privacy and information policy consultant. His e-mail address is [email protected].