About Us
  Expert Witness
  Speaker's Bureau
   TV & Radio
  Old Stories

Volume 22 Number 17, September 17, 2002

(Excerpted From Page 7)



The world’s privacy commissioners gathered in Cardiff, Wales Sept 9-11, testing out a new format that focused on several substantive issues, featured invited speakers with opposing views, and encouraged sometimes contentious debate.

The livelier, interactive format, which drew praise from many participants, was credited to conference hosts’ willingness to break away from the standard approach dominated by prepared presentations that left little time even for questions.

A prime example was the plenary session featuring Federal Trade Commissioner Orson Swindle, the only U.S. Government official to address the parley, squaring off against Italian Commissioner Stefano Rodotá, in the session entitled, "Effective Data Protection Can Only Be Delivered Through Independent Powerful Supervision Authorities — Myth or Reality?" Despite the Safe Harbor agreement, the debate highlighted key differences between the U.S. and Europe that could still boil over if the European Commission initiated a major enforcement action to curb flow of data on Europeans to the United States.

Reflecting views held virtually everywhere in the developed world except for the United States, Rodotá argued that only with a privacy commissioner could protection of individuals be sufficiently adapted and enforced, given constant change in technology, political situations and organizational practice.

"These fundamental rights and general interests such as those concerning transparency and operation of markets, or the autonomy of information and communication systems may not be made dependent on the law-making majority; therefore they may not be committed to government activity. Parliament's role remains fundamental in order to set forth the basic principles and criteria; however, Parliament cannot cope with all the further steps that must be taken in markedly dynamic areas and sectors, where it is necessary to continuously update rules with the changing of circumstances which cannot be done by means of traditional law-making processes on account of their slowness and complexity. Courts can, on their part, only take steps in a piecemeal, casual fashion at the initiative of the parties concerned ñ and only after a right has been infringed," Rodotá argued.

"If these issues are not coped with concretely -- how to ensure protection without being conditioned by the law-making majority, how to timely adjust rules and continuously control their effective implementation -- the recognition of citizens' rights risks becoming merely a formula, or else the province of private powers. Therefore, it is necessary to appropriately organize the institutional system in order to re-establish such balanced safeguards as parliament and the judicature are unable to ensure by themselves and that would only be jeopardized further by government's action. . . Setting up independent authorities contributes both to retaining socially and economically important decisions in the public domain and to re-creating the checks and balances that are required to ensure the democratic nature of a system," he said.

Swindle, a long-time opponent of both more privacy legislation and an independent privacy office, said the United States already has enough laws, as well as sufficient enforcement by the FTC.

"I do not believe that these solutions will be reached simply through the passage of legislation regulating online privacy practices. I believe legislation should be reserved for problems that the market cannot fix on its own, and, as discussed above, the market already is responding to consumers’ concerns and demands about privacy. In addition, legislation should not be adopted without consideration of the costs it may impose. Legislation could have unintended consequences that might stifle e-commerce or unduly restrict the free flow of information that provides numerous benefits to consumers. There also is no guarantee that the legislative solution would be effective, especially as technology changes. In the fast-moving world of information technology, it is very unlikely that the government can keep up, regardless of good intentions," Swindle stated in his prepared remarks.

"Comprehensive government regulation also will likely have the effect of redirecting industry efforts and resources to a 'compliance mode.' Investment, creativity, and ingenuity will take a back seat to a 'government solution.' The application of creative thinking, rapidly changing technology, profit-motivated investment, and good leadership to these evolving privacy issues would likely give way to the relatively static approach of doing what the government decides is best. In the long run, any system of privacy protection is likely to suffer from such a change in approach. We must and can do better than this."

The conference was the last for U.K. Information Commissioner Elizabeth France, who in December will become the Telecommunications Ombudsman. France will be replaced by Richard Thomas, director of public policy at the law firm Clifford Chance.

David Flaherty, privacy scholar and former British Columbia commissioner, recalled for the conference how at the time of her appointment, he had questioned whether someone like France, who came from the UK Home office (similar to the U.S. Office of Management & Budget) would have the necessary independence to be a successful privacy commissioner.

"I’m happy to report that in my view, she has demonstrated the necessary independence," Flaherty told the conference.

In addition to France, the conference co-hosts were Michael Smith, Jersey; Joe Meade,

Ireland; Peter Harris, Guernsey and Lynn Keig, Isle of Mann. While debate over the value of privacy commissioners dominated the second day, the following themes highlighted the September 10 debate. Data protection principles, by preventing information sharing, hold back both modern government and efficient business — myth or reality? Anonymity has no place in the age of global information systems and international terrorism — myth or reality?

Plenary sessions were followed by workshops. Other Americans who presented at

workshops included Brooklyn Law Professor Paul Schwarz (anonymity and e-commerce);

Privacy Times Editor/Publisher Evan Hendricks (national identity cards) and Stuart Pratt,

Consumer Data Industry Assoc. (credit reporting). Later this year, Pratt will replace Barry

Connelly as president of CDIA (formerly Associated Credit Bureaus).

For the first time, the commissioners dedicated the first day to a closed session where

they discussed a range of issues, but focused mainly on governmental responses to Sept. 11.

They issued the following statement.

"The Commissioners agreed that while there is the need to protect society from such

outrages, the reaction in many countries might have gone beyond a measured response to the

terrorist threat with serious implications for personal privacy. The Commissioners agreed that the

need to safeguard personal privacy in such developments remains an essential task for the

worldwide data protection community. Unless an approach is taken by governments that

correctly weighs data protection and privacy concerns, there is a real danger that they will start to

undermine the very fundamental freedoms they are seeking to protect."

Next year's conference is in Sydney, Australia. Many of the 2002 conference papers are

available at:

Financial Privacy
Identity Theft
  Privacy Act
Homeland Security
  More Information
on the Book >

Order the Book Online >

  Check Your Free Credit Report & Credit Score Instantly Online
Privacy Times: We've Got It Covered!
Copyright 1999-2006, Evan Hendricks. All rights reserved.