Concerned that the Obama Administration is trying to weaken a European Union effort on online privacy, a number of advocacy groups have written to officials including Secretary of State John Kerry, Attorney General Eric Holder and former FCC chairman Bill Kennard, now ambassador to the European Union, asking for a meeting to discuss their concerns.
According to a copy of the letter obtained byMultichannel News, they argue that personal data "is being abused by both the commercial sector and governments," they write. "In fact, the line is increasingly blurred as personal data passes between both with few restrictions."
They point out that the EU is developing both overarching data protection legislation and a law enforcement directive on collection and use of personal information, which they support.
By contrast, they say, the members of the European Parliament have told them that the U.S. government and industry together are continuing an "unprecedented lobbying campaign to limit the protections that European law would provide."
They said they believed the president has a strong commitment to protection of privacy, pointing to the February 2012 privacy bill of rights the administration put forward. That was billed as a self-regulatory regime, but the groups, which include the ACLU, Center for Digital Democracy and the Consumer Federation of America say it should be made the law of the land. "Without implementation and enforcement, the Consumer Privacy Bill of Rights will become a hollow promise."
The EU adopted a Data Privacy Directive in 1995 to "harmonize" privacy protection within EU and prevent personal information from flowing to other countries that EU believed lacked adequate protections. That was later updated to include E-privacy. The directive applies to affiliates of U.S. corporations and requires them to adhere to seven basic principles: Notice, purpose (data should be relevant to its use), consent, security, disclosure, access (ability to correct inaccuracies in data) and accountability.
New privacy laws the EU is proposing include expanding the definition of personal information, strengthen consent requirements, establish the ability to limit online profiling, mandate breach notifications and more.
The fact that each state is responsible for incorporating the EU principles into its own privacy laws has created problems for U.S. affiliates, even though the U.S. negotiated a safe harbor in 2000 that allows them to voluntarily adhere to data protection principles instead.