Volume 22 Number 17, September 17, 2002

(Excerpted From Page 7)

The world’s privacy commissioners gathered in Cardiff, Wales Sept 9-11, testing out a new format that focused on several substantive issues, featured invited speakers with opposing views, and encouraged sometimes contentious debate.

The livelier, interactive format, which drew praise from many participants, was credited to conference hosts’ willingness to break away from the standard approach dominated by prepared presentations that left little time even for questions.

A prime example was the plenary session featuring Federal Trade Commissioner Orson Swindle, the only U.S. Government official to address the parley, squaring off against Italian Commissioner Stefano Rodotá, in the session entitled, "Effective Data Protection Can Only Be Delivered Through Independent Powerful Supervision Authorities — Myth or Reality?" Despite the Safe Harbor agreement, the debate highlighted key differences between the U.S. and Europe that could still boil over if the European Commission initiated a major enforcement action to curb flow of data on Europeans to the United States.

Reflecting views held virtually everywhere in the developed world except for the United States, Rodotá argued that only with a privacy commissioner could protection of individuals be sufficiently adapted and enforced, given constant change in technology, political situations and organizational practice.

"These fundamental rights and general interests such as those concerning transparency and operation of markets, or the autonomy of information and communication systems may not be made dependent on the law-making majority; therefore they may not be committed to government activity. Parliament's role remains fundamental in order to set forth the basic principles and criteria; however, Parliament cannot cope with all the further steps that must be taken in markedly dynamic areas and sectors, where it is necessary to continuously update rules with the changing of circumstances which cannot be done by means of traditional law-making processes on account of their slowness and complexity. Courts can, on their part, only take steps in a piecemeal, casual fashion at the initiative of the parties concerned ñ and only after a right has been infringed," Rodotá argued.

"If these issues are not coped with concretely -- how to ensure protection without being conditioned by the law-making majority, how to timely adjust rules and continuously control their effective implementation -- the recognition of citizens' rights risks becoming merely a formula, or else the province of private powers. Therefore, it is necessary to appropriately organize the institutional system in order to re-establish such balanced safeguards as parliament and the judicature are unable to ensure by themselves and that would only be jeopardized further by government's action. . . Setting up independent authorities contributes both to retaining socially and economically important decisions in the public domain and to re-creating the checks and balances that are required to ensure the democratic nature of a system," he said.

Swindle, a long-time opponent of both more privacy legislation and an independent privacy office, said the United States already has enough laws, as well as sufficient enforcement by the FTC.

"I do not believe that these solutions will be reached simply through the passage of legislation regulating online privacy practices. I believe legislation should be reserved for problems that the market cannot fix on its own, and, as discussed above, the market already is responding to consumers’ concerns and demands about privacy. In addition, legislation should not be adopted without consideration of the costs it may impose. Legislation could have unintended consequences that might stifle e-commerce or unduly restrict the free flow of information that provides numerous benefits to consumers. There also is no guarantee that the legislative solution would be effective, especially as technology changes. In the fast-moving world of information technology, it is very unlikely that the government can keep up, regardless of good intentions," Swindle stated in his prepared remarks.

"Comprehensive government regulation also will likely have the effect of redirecting industry efforts and resources to a 'compliance mode.' Investment, creativity, and ingenuity will take a back seat to a 'government solution.' The application of creative thinking, rapidly changing technology, profit-motivated investment, and good leadership to these evolving privacy issues would likely give way to the relatively static approach of doing what the government decides is best. In the long run, any system of privacy protection is likely to suffer from such a change in approach. We must and can do better than this."

The conference was the last for U.K. Information Commissioner Elizabeth France, who in December will become the Telecommunications Ombudsman. France will be replaced by Richard Thomas, director of public policy at the law firm Clifford Chance.

David Flaherty, privacy scholar and former British Columbia commissioner, recalled for the conference how at the time of her appointment, he had questioned whether someone like France, who came from the UK Home office (similar to the U.S. Office of Management & Budget) would have the necessary independence to be a successful privacy commissioner.

"I’m happy to report that in my view, she has demonstrated the necessary independence," Flaherty told the conference.

Privacy Times Editor/Publisher Evan Hendricks (national identity cards) and Stuart Pratt,

available at: www.informationrights2002.org/english/programme-set.html