The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January...
-
Upload
makayla-mackay -
Category
Documents
-
view
214 -
download
0
Transcript of The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January...
![Page 1: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/1.jpg)
“The United States, Privacy, and Data Protection”
Peter P. SwireDutch Embassy PresentationJanuary 19, 2001
![Page 2: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/2.jpg)
Overview
The Inevitability of Societal Decisions on Privacy
Clinton Administration Actions A Look Ahead
![Page 3: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/3.jpg)
E-mail attachment as the new metaphor From mainframe to the e-mail attachment 1970s and mainframes
– Worry about large, centralized databases– Fair Credit Reporting Act, 1970– Privacy Act of 1974– First European data protection laws
![Page 4: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/4.jpg)
Changes to the 1990’s
Everyone has a mainframe -- laptop or desktop
Transfers are free, instantaneous, & global Usually change symbolized by the web Better image is the e-mail attachment
– Anyone to anyone– Can attach anything to an e-mail– The lived experience of almost all users
![Page 5: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/5.jpg)
Inevitability of Societal Decisions about Privacy The lack of a status quo Examples:
– State public records– Medical records– Financial records– Internet records
![Page 6: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/6.jpg)
The Lack of a Status Quo
Old reality:– Relatively few databases– Relatively few rules -- by law or industry
New reality:– Far more databases, with more detail– If few rules, then vastly greater data flows– If try to retain pre-existing privacy balance,
then will have many more rules
![Page 7: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/7.jpg)
Public Records
Old reality (e.g., 20 years ago)– Legal openness, state open government laws– Practical obscurity -- cost and bother of going
to the courthouse for paper records New reality:
– Legal openness, except drivers’ records– Practical openness, far more intensive use– Bankruptcy and privacy study
![Page 8: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/8.jpg)
Medical Records
What has changed:– Mostly paper to mostly electronic– Records held by large providers and plans, and
used for many management purposes Societal response:
– HHS medical privacy regulations
![Page 9: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/9.jpg)
Financial Records
What has changed:– Level of detail -- from credit history to
transactional history– Industry convergence
Societal response– FCRA– Financial Modernization law 1999– Clinton Administration pushed for more
![Page 10: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/10.jpg)
Internet Privacy
Old reality?– None.
“Inevitability of societal decisions”– Web sites– Online profiling– GUIDs– Etc. -- IPv6, links to offline, and so on
![Page 11: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/11.jpg)
What are “Societal Decisions”?
Technology -- engineers in the company or standards organizations
Markets -- company decisions and contracts with business partners
Self-regulation Governmental rules Transborder rules -- Safe Harbor
![Page 12: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/12.jpg)
Conclusion on “societal decisions” No status quo: can’t return to few databases
and few rules Number and velocity of privacy issues
increasing rapidly E-mail attachments: solutions must be
robust in a world of anyone-to-anyone transfers
![Page 13: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/13.jpg)
II. Clinton Administration Privacy Policy
Support self-regulation generally– Applaud self-regulatory efforts
Sensitive categories deserve legal protection– Medical & Genetic– Financial & ID Theft– Children’s Online
Government should lead by example
![Page 14: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/14.jpg)
Internet Privacy
Quantity of policies– 15% to 66% to 88% from 1998 to 2000
Quality of policies– Seek fair information practices
Major legislative push this year
![Page 15: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/15.jpg)
Safe Harbor
Now approved by E.U. Self-regulation as a core achievement Lawful basis for trans-Atlantic data flows Streamlined registration Up for review in summer, 2001 Financial services not yet addressed
![Page 16: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/16.jpg)
Medical Records Privacy
HIPAA 1996 called for legislation by 8/99 President announced proposed regs 10/99 Over 53,000 submissions of comments Final rules announced December, 2000 Take effect early 2003
![Page 17: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/17.jpg)
Genetic Discrimination
February 8 Executive Order– Prohibits federal agencies from using genetic
information in hiring or promotion Call for legislation
– Daschle/Slaughter bills– Extend protections to private sector– Apply to purchase of health insurance
![Page 18: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/18.jpg)
Children’s Online Privacy
Children’s Online Privacy Protection Act of 1998
FTC rules took effect 4/2000 Key is “verifiable parental consent”
![Page 19: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/19.jpg)
Financial Privacy
Financial Modernization Act – Notice for 3d parties and affiliates– Opt out choice for 3d parties only– Significant enforcement provisions
![Page 20: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/20.jpg)
Federal Databases
Privacy Act in place since 1974 Now, all agencies have privacy policies at
their major web sites Summer 2000 -- presumption against the
use of “cookies” at federal web sites Other OMB actions
![Page 21: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/21.jpg)
III. LookingAhead
Bipartisan interest in privacy protections Republican focus especially on misuse in
the government sector Democrats more likely to favor regulation
of the private sector Growing realization, though, that data flows
between the sectors
![Page 22: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/22.jpg)
The Bush Administration
Campaign statements similar to Clinton Administration approach:– Focus on sensitive medical and financial– Encourage self-regulation– But, comments by Bush himself suggested
more activist
![Page 23: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/23.jpg)
Which U.S. Institutions will Lead? OMB -- traditional role for government
databases Larry Lindsay -- possible policy lead FTC -- independent agency has called for
Internet legislation Hard to imagine a new federal privacy
agency in medium term
![Page 24: The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.](https://reader036.fdocuments.us/reader036/viewer/2022062511/55147e8e550346ea6e8b4856/html5/thumbnails/24.jpg)
Conclusion
U.S. has taken significant legal steps toward protecting most sensitive information
Ongoing debate of whether to expand to the Internet, or even off-line
Unclear what institutions would regulate in the area
Likely significant change within 5-10 years