Concerned that the Obama Administration is trying to weaken
a European Union effort on online privacy, a number of advocacy groups have
written to officials including Secretary of State John Kerry, Attorney General
Eric Holder and former FCC chairman Bill Kennard, now ambassador to the
European Union, asking for a meeting to discuss their concerns.
According to a copy of the letter obtained by B&C/Multichannel News, they argue that personal data "is being
abused by both the commercial sector and governments," they write.
"In fact, the line is increasingly blurred as personal data passes between
both with few restrictions."
They point out that the EU is developing both overarching
data protection legislation and a law enforcement directive on collection and
use of personal information, which they support.
By contrast, they say, the
members of the European Parliament have told them that the U.S. government
and industry together are continuing an "unprecedented lobbying campaign
to limit the protections that European law would provide."
They said they believed the president has a strong
commitment to protection of privacy, pointing to the February 2012 privacy bill
of rights the administration put forward. That was billed as a self-regulatory
regime, but the groups, which include the ACLU, Center for Digital Democracy
and the Consumer Federation of America say it should be made the law of the
land. "Without implementation and enforcement, the Consumer Privacy Bill
of Rights will become a hollow promise."
The EU adopted a Data Privacy Directive in 1995 to
"harmonize" privacy protection within EU and prevent personal
information from flowing to other countries that EU believed lacked adequate
protections. That was later updated to include E-privacy. The directive applies
to affiliates of U.S. corporations and requires them to adhere to seven basic
principles: Notice, purpose (data should be relevant to its use), consent,
security, disclosure, access (ability to correct inaccuracies in data) and
New privacy laws the EU is proposing include expanding the
definition of personal information, strengthen consent requirements, establish
the ability to limit online profiling, mandate breach notifications and more.
The fact that each state is responsible for incorporating
the EU principles into its own privacy laws has created problems for U.S.
affiliates, even though the U.S. negotiated a safe harbor in 2000 that allows
them to voluntarily adhere to data protection principles instead.