Volume 22 Number 17, September 17, 2002
(Excerpted From Page 7)
COMMISSIONERS CONFERENCE: LAST
HURRAH FOR E. FRANCE; LOTS OF DEBATE
The worlds privacy commissioners
gathered in Cardiff, Wales Sept 9-11, testing out a new format that
focused on several substantive issues, featured invited speakers
with opposing views, and encouraged sometimes contentious debate.
The livelier, interactive format, which drew praise
from many participants, was credited to conference hosts willingness
to break away from the standard approach dominated by prepared presentations
that left little time even for questions.
A prime example was the plenary session featuring
Federal Trade Commissioner Orson Swindle, the only U.S. Government
official to address the parley, squaring off against Italian Commissioner
Stefano Rodotá, in the session entitled, "Effective
Data Protection Can Only Be Delivered Through Independent Powerful
Supervision Authorities Myth or Reality?" Despite the
Safe Harbor agreement, the debate highlighted key differences between
the U.S. and Europe that could still boil over if the European Commission
initiated a major enforcement action to curb flow of data on Europeans
to the United States.
Reflecting views held virtually everywhere in the
developed world except for the United States, Rodotá argued
that only with a privacy commissioner could protection of individuals
be sufficiently adapted and enforced, given constant change in technology,
political situations and organizational practice.
"These fundamental rights and general interests
such as those concerning transparency and operation of markets,
or the autonomy of information and communication systems may not
be made dependent on the law-making majority; therefore they may
not be committed to government activity. Parliament's role remains
fundamental in order to set forth the basic principles and criteria;
however, Parliament cannot cope with all the further steps that
must be taken in markedly dynamic areas and sectors, where it is
necessary to continuously update rules with the changing of circumstances
which cannot be done by means of traditional law-making processes
on account of their slowness and complexity. Courts can, on their
part, only take steps in a piecemeal, casual fashion at the initiative
of the parties concerned ñ and only after a right has been
infringed," Rodotá argued.
"If these issues are not coped with concretely --
how to ensure protection without being conditioned by the law-making
majority, how to timely adjust rules and continuously control their
effective implementation -- the recognition of citizens' rights
risks becoming merely a formula, or else the province of private
powers. Therefore, it is necessary to appropriately organize the
institutional system in order to re-establish such balanced safeguards
as parliament and the judicature are unable to ensure by themselves
and that would only be jeopardized further by government's action.
. . Setting up independent authorities contributes both to retaining
socially and economically important decisions in the public domain
and to re-creating the checks and balances that are required to
ensure the democratic nature of a system," he said.
Swindle, a long-time opponent of both more privacy
legislation and an independent privacy office, said the United States
already has enough laws, as well as sufficient enforcement by the
"I do not believe that these solutions will be reached
simply through the passage of legislation regulating online privacy
practices. I believe legislation should be reserved for problems
that the market cannot fix on its own, and, as discussed above,
the market already is responding to consumers concerns and
demands about privacy. In addition, legislation should not be adopted
without consideration of the costs it may impose. Legislation could
have unintended consequences that might stifle e-commerce or unduly
restrict the free flow of information that provides numerous benefits
to consumers. There also is no guarantee that the legislative solution
would be effective, especially as technology changes. In the fast-moving
world of information technology, it is very unlikely that the government
can keep up, regardless of good intentions," Swindle stated in his
"Comprehensive government regulation also will likely
have the effect of redirecting industry efforts and resources to
a 'compliance mode.' Investment, creativity, and ingenuity will
take a back seat to a 'government solution.' The application of
creative thinking, rapidly changing technology, profit-motivated
investment, and good leadership to these evolving privacy issues
would likely give way to the relatively static approach of doing
what the government decides is best. In the long run, any system
of privacy protection is likely to suffer from such a change in
approach. We must and can do better than this."
The conference was the last for U.K. Information
Commissioner Elizabeth France, who in December will become the Telecommunications
Ombudsman. France will be replaced by Richard Thomas, director of
public policy at the law firm Clifford Chance.
David Flaherty, privacy scholar and former British
Columbia commissioner, recalled for the conference how at the time
of her appointment, he had questioned whether someone like France,
who came from the UK Home office (similar to the U.S. Office of
Management & Budget) would have the necessary independence to
be a successful privacy commissioner.
"Im happy to report that in my view,
she has demonstrated the necessary independence," Flaherty
told the conference.
In addition to France, the conference co-hosts were
Michael Smith, Jersey; Joe Meade,
Ireland; Peter Harris, Guernsey and Lynn Keig, Isle
of Mann. While debate over the value of privacy commissioners dominated
the second day, the following themes highlighted the September 10
debate. Data protection principles, by preventing information sharing,
hold back both modern government and efficient business myth
or reality? Anonymity has no place in the age of global information
systems and international terrorism myth or reality?
Plenary sessions were followed by workshops. Other
Americans who presented at
workshops included Brooklyn Law Professor Paul Schwarz
(anonymity and e-commerce);
Evan Hendricks (national identity cards) and Stuart Pratt,
Consumer Data Industry Assoc. (credit reporting).
Later this year, Pratt will replace Barry
Connelly as president of CDIA (formerly Associated
For the first time, the commissioners dedicated
the first day to a closed session where
they discussed a range of issues, but focused mainly
on governmental responses to Sept. 11.
They issued the following statement.
"The Commissioners agreed that while there is the
need to protect society from such
outrages, the reaction in many countries might have
gone beyond a measured response to the
terrorist threat with serious implications for personal
privacy. The Commissioners agreed that the
need to safeguard personal privacy in such developments
remains an essential task for the
worldwide data protection community. Unless an approach
is taken by governments that
correctly weighs data protection and privacy concerns,
there is a real danger that they will start to
undermine the very fundamental freedoms they are
seeking to protect."
Next year's conference is in Sydney, Australia.
Many of the 2002 conference papers are
available at: www.informationrights2002.org/english/programme-set.html