The ninth year of CFP--whose nearly 500 registered attendees ranged from high-level government officials to programmers and grassroots advocates--had a strong international bent. And for good reason. The Net is breaking down commercial and regulatory barriers, making it virtually impossible for countries to be islands unto themselves when it comes to online consumer protection and civil rights issues.
There is no doubt the United States dominates in Net innovation, usage, and investment. But according to CFP consensus, the country's data protection policies are beginning to trail those of the rest of the world, especially when it comes to guaranteeing people's access to private sector records that contain sensitive data and establishing an independent body to monitor privacy practices and to address consumer complaints.
One reason stands out: The European Union's privacy directive has been adopted by seven member countries and is expected to pass muster in the remaining eight. The directive not only requires that firms disclose how they intend to use personal information, but threatens to cut off data transfers to countries that don't "adequately" protect it.
But the United States has steadfastly refused to grasp the nettle, drawing criticism that has threatened to spill into commercial and diplomatic friction.
"The world is beginning to line up behind the European model--except the United States," said Bob Gellman, a well-known privacy consultant. "American companies have all this data about you, and have classified you, and they don't want to disclose that to you."
It's no secret that the United States is tangling with EU officials over the directive. The Clinton administration, which favors industry self-regulation schemes combined with "sectoral" laws, doesn't want a blanket privacy law like those in the EU and Hong Kong and legislation being pushed in Canada.
Uncle Sam was again zinged for its ideological position during a panel yesterday, in which privacy officials from the Netherlands, United Kingdom, Canada, and United States detailed their data collection laws, and then faced tough questions and hypothetical scenarios from a mock jury. One example demonstrating apparent American nonchalance toward privacy is the fact that the Netherlands and United Kingdom have independent privacy agencies, with agencies of 50- and 100-plus employees respectively, to take complaints and initiate legal action against privacy violators.
"I come from a country where data privacy laws have existed for the past ten years, covering private and public [entities]," said Peter Hustinx, president of the Data Protection Authority in the Netherlands.
"We advise the Parliament and deal with complaints. We take a proactive approach--we don't wait for cases to come to us," he added during the panel. "Under the statute we are independent. I can only be removed by decision of the Supreme Court."
Like the Netherlands, the United Kingdom also supports industry voluntary efforts--but has the power to back up the plans with legal enforcement.
"I would still be able to take enforcement action against a company that was taking self-regulatory action if a consumer came forward that was harmed [by the company]," said Elizabeth France, head of the U.K. Data Protection Registrar.
On the other hand, the newly appointed U.S. privacy counselor, Peter Swire, who works for the Clinton administration, will not directly handle consumer redress and will have only two dedicated staff members.
"It's a big problem that he can't criticize the administration," Gellman observed.
Many in the privacy community respect Swire, a professor and renowned author on the issue, and expect that he will impact the White House stance. The Commerce Department and Federal Trade Commission also are heavily involved in the issue, with the FTC contending that it has the authority to crack down on Web sites that violate their voluntary policies.
"The administration has taken significant steps to show its commitment to privacy protections," Swire said during yesterday's talks.
He emphasized that the Office of Management and Budget has great authority to strengthen privacy practices through its implementation of the Paperwork Reduction Act, which established the OMB as controller of government information policies.
But such piecemeal agency efforts haven't calmed consumer advocates' deafening outcry for an overall data privacy protection law in the United States that includes strong legal recourse.
To promote e-commerce and to diffuse new technologies' erosion of privacy, more than 40 countries have enacted, or are in the process of passing, comprehensive privacy laws, according to a new study, "Privacy and Human Rights 1998," by David Banisar of the Electronic Privacy Information Center and Simon Davies of Privacy International.
"A patchwork of [U.S.] laws covers some specific areas of information. These include financial records, credit reports, video rentals, cable television, educational records, motor vehicle registrations, and telephone records," the report states.
"The U.S. is a member of the Organization for Economic Cooperation and Development but has not adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in any substantive way in either the public or private sector," it adds.
Some contend the United States is behind in private sector initiatives because unlike other nations, lawmakers here have always been focused on protecting citizens from "Big Brother's" prying eyes--not corporations.
"Europe has given more concern to the private sector, while here we're more worried about the government invading our privacy," she added. "But I do think the FTC ought to get its budget increased [to deal with privacy violations]."
However, with the advent of the Net, data mining, and the general consolidation and computerization of private records, many feel the United States should get up to speed and hope the European Union will force its hand.
"Most countries see the EU directive as the model--the United States is the major holdout," said Colin Bennett, a privacy expert at Canada's University of Victoria. "The United States should adopt this--there are a lot of privacy problems, and citizens need proper recourse."