According to a new White House report on consumer data privacy protection, trust is worth a lot of money to U.S. businesses—users have to know their data will be protected if the economic engine of digital innovation is to keep roaring. Ergo, the U.S. needs a privacy framework that’s “flexible” enough to accommodate industry innovation, and comprehensive enough that consumers will feel safe—and keep clicking.
But trust between consumers and companies in the U.S. is only part of the equation. There’s another important element, too: how compatible U.S. safeguards are with those of the rest of the world, and particularly Europe. This new proposal arrives a month ahead of a conference on data protection between E.U. and U.S. officials in Washington, D.C., leading to questions about whether Europe and the U.S. are any closer to getting on the same page when it comes to data privacy.
The answer not only depends on who you ask, but also what section of the White House’s report you’re looking at. The white paper lists seven principles and stresses that these principles should form the basis of voluntary codes of conduct adopted by industry. Once adopted, the Federal Trade Commission would have the power to enforce compliance to those codes. The paper also includes a call for Congress to pass legislation based on these principles, and devotes a section to “international interoperability”—which considers how data can be sent across international borders without violating laws on either side of the transaction.
Let’s start with the Consumer Privacy Bill of Rights. As Joseph Turrow, a professor at the Annenberg School for Communication at the University of Pennsylvania, told NPR’s Fresh Air, even the wording of the report’s title is a noteworthy choice:
[Europeans] believe in privacy as [a] human right. And that’s the interesting thing about how [the upcoming] Commerce Department report is positioned: as a right. There are some advocates who don’t like what they see in the policy because they think it’s too loose. But the very fact that it’s called a right is interesting rhetorically. Some people would say they’re moving in the right direction.
Privacy expert Lisa Sotto says that while the seven rights derive from the Fair Information Practice Principles—which were issued by the U.S Department of Education, Health, and Welfare in the 1970s—this updated version also reflects contemporary European ideals: “A number of the principles would seek to import European data protection standards to the U.S., such as the right to access and correct data,” says Sotto, head of the global privacy and data security Practice at Hunton & Williams in New York.
Next up: FTC enforcement and voluntary codes of conduct, which might be a harder sell to Europeans. In fact, argues Jeffrey Chester, head of the Center for Digital Democracy, the whole notion of self-regulation by industry undercuts the basic tenants of the European regulatory regime. “The Europeans are building a comprehensive online privacy framework that places the interests of citizens first,” he says, while the U.S. self-regulatory approach advances the interests of U.S. data mining companies. “This is digital apples and oranges.”
The section on interoperability, says Stuart Levi, a partner at Skadden, Arps, Slate, Meagher & Flom in New York, can be read as a signal to Europe: “We want you to recognize what we do here, and accept what we do here.”
“The U.S. is hedging its bets,” adds Levi, co-head of the firm’s intellectual property and technology group. In other words, even if the U.S. doesn’t get a comprehensive data privacy and protection policy passed into law, the Obama administration at least wants the E.U. to recognize that a self-regulatory regime is valid and worthy of respect.
The topic of global privacy regulations is now at a new pivot point. Are the new E.U. framework and White House “Bill of Rights” the beginning of a more global approach to data privacy, or are both sides far enough down the digital road that it will be nearly impossible to reconcile the legal and philosophical differences? For multinational companies and web brands that rely on global access to data and customers, the answer will be crucial to their success in a 21st-century marketplace.