| |
| META TOPICPARENT | name="FirstPaper" |
|---|
| | |
Introduction | |
<
< | The Obama administration recently released its Consumer Data Privacy Framework advocating for new legislation to comprehensively define consumer data protection rights. Unlike many European countries, the United States does not a law
regarding privacy for all aspects of personal data collection on the Internet. Outside of several sectors, such as health care and credit reporting, the Federal government does not have laws protecting consumers from commercial exploitation of personal data. While the Electronic Communications Privacy Act does set up some marginal protection from government intrusion into electronic communications, it does not protect people from third parties. Since third parties are so proficient at collecting personal data, the government certainly has an incentive to not excessively curtail
this activity. The Framework, while high in rhetoric, is empty in substance precisely because the government does not truly care about individual privacy. | >
> | The Obama administration recently released its Consumer Data Privacy Framework advocating for new legislation to comprehensively define consumer data protection rights. Unlike many European countries, the United States does not have a law regarding privacy for all aspects of personal data collection on the Internet. Outside of several sectors, such as health care and credit reporting, the Federal government does not have laws protecting consumers from commercial exploitation of personal data. While the Electronic Communications Privacy Act does set up some marginal protection from government intrusion into electronic communications, it does not protect people from third parties. Since third parties are so proficient at collecting personal data, the government does not want to excessively curtail this activity. The Framework, while high in rhetoric, is empty in substance precisely because the government does not truly care about individual privacy. | | | What the government says it cares about | |
<
< | In the Framework, the administration claims that the current world lacks “a clear statement of basic privacy principles that apply to the commercial world” (emphasis added). It is true that there is no definitive statement of privacy principles on the books. The Federal Trade Commission has broad powers under § 5 of the FTC Act to prosecute “unfair or deceptive acts” and it has used this power to go after perceived privacy problems with some Internet companies. However, because technology evolves so quickly, it is necessary that the law be based on standards rather than rules. As ECPA demonstrates, clearly defining privacy rules based on contemporary technological practices becomes archaic and pointless. Instead, the Framework embraces setting standards about personal data collection and use based on Fair Information Practice Principles: individual control, transparency, respect for context, security, access and accuracy, focused collection, and accountability. This is certainly the better path to take to ensure that technology does not outpace legal protection. | >
> | In the Framework, the administration claims that the current world lacks “a clear statement of basic privacy principles that apply to the commercial world.” It is true that there is no definitive statement of privacy principles on the books. The Federal Trade Commission has broad powers under § 5 of the FTC Act to prosecute “unfair or deceptive acts” and it has used this power to go after perceived privacy problems with some Internet companies. However, because technology evolves so quickly, it is necessary that the law be based on standards rather than rules. As ECPA demonstrates, clearly defining privacy rules based on contemporary technological practices becomes archaic and pointless. Instead, the Framework embraces setting standards about personal data collection and use based on Fair Information Practice Principles: individual control, transparency, respect for context, security, access and accuracy, focused collection, and accountability. This is certainly the better path to take to ensure that technology does not outpace legal protection. | | | The administration claims that consumers need some protection in order to maintain consumer trust in networked technologies and that the Framework will provide such protection. While it may be true that consumers need to trust Internet companies for them to use online services, it is questionable as to what it would take for consumers to lose that trust as almost every new Facebook “feature” was eventually adopted by users. Yet, despite Mark Zuckerberg’s efforts to shift the privacy paradigm into sharing is good, privacy as a concept still sounds desirable to most Americans. This allows the Obama administration to claim that it is looking out for the public interest in promoting privacy.
What the government actually cares about
Despite its public relations side espousing principles of personal data autonomy, the government has an interest in encouraging the public to disregard privacy. There is no need for the government to do its own spying when people voluntarily give up every detail of their lives and their friends’ lives to online companies. The government can rely on these companies to collect the information and freely reach into their databases whenever it needs something that it may otherwise be prohibited from acquiring itself. Hence there is a dichotomy between protecting the public from voracious companies out to ravage personal data while making sure that the government has access when it wants. In other words, it is bad when private companies do gather and sell personal data, but not when it is for the government. | |
<
< | Under the principle of Focused Collection, “[c]ompanies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise” (emphasis added). This “legal obligation” can be broadly read, but it illustrates what the government wants. In the section explaining what potential consumer data privacy protection legislation should avoid, it lists the following, among others: | >
> | Under the principle of Focused Collection, “[c]ompanies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.” This “legal obligation” can be broadly read, but it illustrates what the government wants. In the section explaining what potential consumer data privacy protection legislation should avoid, it lists the following, among others: | | |
- Altering existing statutory or regulatory authorities pursuant to which the government may obtain information that is necessary to assist in conducting border searches, investigating criminal conduct or other violations of law, or protecting public safety and national security.
- Contravening the ability of law enforcement to investigate and prosecute criminal acts, and ensure public safety.
|
|