While the Obama Administration has proposed a Consumer Privacy Bill of Rights, it has yet to propose the actual text. Yet to be determined, among various other matters, are who would be in charge of regulation and how much regulation would take place. In a teleconference yesterday between members of the European Commission in Brussels and the U.S. Commerce Dept. in Washington, E.C. Vice President Viviane Reding suggested the U.S. copy the E.U.’s approach – one which would employ a heavier hand.
Comm. Reding spelled out that the goal of meetings between the heads of commercial regulators for the two governments is nothing short of “regulatory convergence” – signifying that they should come to an agreement on the language of their respective laws governing how ISPs and content providers handle personal data protection. To that end, she stated that it’s up to Washington to catch up with the “gold standard” that Europe is already setting.
“In the U.S., privacy principles have a tradition as well,” Reding told the joint meeting. “It is true that unlike in Europe, there is no single, over-arching privacy legislation yet. But a first step has been taken in the past weeks. And I look with interest at the way the U.S. Congress will act on the policy principles set out by President Obama, four weeks after our European proposals, in the paper on ‘Consumer Data Privacy in a Networked World.’ In this context, I note the interest that NGO’s and other stakeholders in the U.S. are showing in these proposals and that they are urging the U.S. Congress to pass legislation to protect peoples’ rights.”
For years, since Congress’ passage of the U.S. Patriot Act in 2001, European and American regulators have been at loggerheads over whether American law enforcement should have access to personal information, residing on U.S. systems, about European citizens – even if the information is pursuant to an anti-terrorism investigation. In a recent draft of a continent-wide law protecting European consumers, the E.U. would mandate that foreign operators maintain “an adequate level of protection” for European data in American data centers.
Now that cloud-based systems house entire server configurations, European businesses fear exposing themselves and their clients to the FBI or NSA. But that fear may also be preventing cloud providers on the continent from growing at the same rates as elsewhere in the world, including the Middle East and Africa.
In a joint statement released yesterday, Comm. Reding and U.S. Commerce Sec. John Bryson sounded a bit more as though they were marching in lockstep rather than succession. While agreeing that there’s disagreement, the statement would appear to signify that the dialog is among equals.
“The European Union is following new privacy developments in the United States closely,” the joint statement reads. “Both parties are committed to working together and with other international partners to create mutual recognition frameworks that protect privacy. Both parties consider that standards in the area of personal data protection should facilitate the free flow of information, goods and services across borders. Both parties recognize that while regulatory regimes may differ between the U.S. and Europe, the common principles at the heart of both systems, now re-affirmed by the developments in the U.S., provide a basis for advancing their dialog to resolve shared privacy challenges. This mutual interest shows there is added value for the enhanced E.U.-U.S. dialogue launched with today’s data protection conference.”
But Comm. Reding’s speech, which followed the issuance of the joint statement, attempted to show who’s in charge: “I know that several Members of the European Parliament are present in Washington today and that they have a key interest in these developments. This is because in Europe the European Parliament has the final say on all international agreements that involve data sharing and concern the protection of European citizens’ personal data.”
While this was going on, FCC Commissioner Robert McDowell testified before the House Appropriations Committee that any agreement between the two governments could become moot if the United Nations were to be allowed to supplant the current model of Internet governance with one centered around the International Telecommunications Union. Comm. McDowell warned Congress that an ITU proposal set for discussion next December would call for the UN to “subject cyber security and data privacy to international control.”
McDowell’s alternative to ITU governance, however, might not appeal to folks like Comm. Reding: He suggests all governments would do well to keep their hands off the Internet whenever possible.
“Any attempts to expand intergovernmental powers over the Internet, no matter how incremental or seemingly innocuous, should be turned back,” the Commissioner stated. “Modernization and reform can be constructive, but not if the end result is a new global bureaucracy that departs from the multi-stakeholder model. Enlightened nations should draw a line in the sand against new regulations while welcoming reform that could include a non-regulatory role for the ITU.”