No Promises From Commerce Dept. on Timing of Long-Awaited Administration Privacy Policy
A Commerce Department official offered no certainty Tuesday about how quickly a long-promised department white paper on the administration’s privacy policy will come out. “I would hope in the coming weeks,” said Alexander Hoehn-Saric, the deputy general counsel for strategic initiatives. But he said that “it always seems to take longer than you would want.” Speaking at a webcast Practising Law Institute seminar in New York, Hoehn-Saric didn’t explain the uncertainty, and a department spokeswoman didn’t get back to us right away. A draft report was released late in 2010, the final version was promised at least as long ago as summer 2011, and members of Congress have pressed for prompt action.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Hoehn-Saric warned companies that the FTC can come after them not only for violating their privacy policies -- or the private multi-stakeholder codes of conduct that the administration envisions and that the companies sign on to -- but also for going against representations they make in lists of frequently asked questions (FAQs) and elsewhere. Worries about consumer class-action lawsuits are encouraging businesses to overload their privacy policies, said Erica Newland, a policy analyst at the Center for Democracy & Technology. A policy written broadly enough to cover whatever a company thinks it might want to do in five years instead of just what it’s doing now “really defeats the purpose of the privacy policy,” she said. There are interesting technologies that can raise flags for users about possible privacy problems without overloading them, Hoehn-Saric said.
The baseline federal privacy legislation that the administration supports enacting to supplement the sector-by-sector approach taken historically can help the U.S. become a model for foreign governments, Hoehn-Saric said. Europe has “more of a codified system” that’s easier for them to emulate, and Latin American governments in particular are “looking at going to the EU system,” he said.
The speakers expressed skepticism about a right to be forgotten as advocated in a new proposed revision of the EU’s Data Protection Directive. It’s “easy to say” the phrase but “hard to figure out both what it means and how you would implement it,” Hoehn-Saric said. Any such right might be invoked concerning very different kinds of information, from sensitive data that a business holds on to, to critical comments by one Internet user about another, the speakers said.
The only remedy for problems created by Google’s privacy changes seems to be an “outcry from consumers” like those that have met actions by Facebook, Newland said. Google gives users some control over use of their information, but offering data portability is “not really a great solution, because these days it’s hard to leave Google altogether,” she said. Hoehn-Saric credited the company with meeting consumer expectations by not exchanging information between its DoubleClick ad business and Google-branded services.