The 32d Annual International Conference of Data Protection and Privacy Commissioners begins this week in Jerusalem. Hogan Lovells Privacy and Information Management Leader Christopher Wolf will be a panelist and will present a paper entitled: "Targeted Enforcement and Shared Lawmaking Authority as Catalysts for Data Protection in the United States." An article adapted from that presentation appears in this week’s BNA Privacy and Security Law Report and BNA graciously has allowed us to provide a reprint of that article here.
The focus of the international privacy meeting in Israel will be the challenges presented to existing legal regimes by advances in technology and the willingness of people — especially young people — to share great amounts of personal information online. It is widely agreed that current laws need reexamination and possible revision in light of new ways to collect and share personal data. It is in that conext that the "Targeted Enforcement and Shared Lawmaking Authority" paper is offered for international consideration to demonstrate effective aspects of US law.
The paper begins:
Modern democracies are committed to the protection of personal data. There are various approaches to achieving protection, ranging from the comprehensive regulatory approach of the European Union, to the harms-based APEC framework, to the sectoral and geographic approach of the United States, which relies heavily on Federal Trade Commission (FTC) enforcement against unfair or deceptive consumer practices and the combination of federal and state laws. The US framework frequently is criticized for the absence of a comprehensive privacy law. Indeed that perceived deficiency has resulted in a persistent finding by the EU that the US lacks “adequate protection” for personal data, requiring legal work-arounds for the cross-border transfer of personal data from the EU to the US. At the same time, there is global recognition of a need to re-examine privacy governance to cope with the implications of new technologies, and to protect generations of technology users.
Without debating the primacy of one approach to the protection of privacy over another, it nevertheless is useful to look beyond labels and common perceptions to examine the effective aspects of the United States regime (emphasis supplied). This paper discusses the effectiveness of enforcement by the FTC under its jurisdiction to police unfair and deceptive practices, and the experience in individual states as incubators of new privacy and data security laws that have nationwide effects. It also highlights privacy-enhancing practices and technologies adopted by businesses aware of the advantages of self-regulation over prescriptive rules and the need to self-regulate and innovate to avoid restrictive regulation.
Read more here.