Rough seas in safe harbors
Should the U.S. punish online privacy violators?
(IDG) -- Regular readers of this column know my general level of distrust of the U.S. government's willingness to protect individual privacy in the face of some U.S. businesses' desire to know everything about you and to sell that information to anyone with enough cash.
I've commented on the fundamental differences between the European and American approaches to privacy protection. The Europeans feel that the violation of privacy protection regulations should be made a crime. The U.S. government claims that such laws offer false comfort, so there should not be any laws to compel protection.
Instead, the U.S. maintains we should trust that the companies in the data business will agree to protect your private information when threatened with no penalty other than bad publicity if they are caught lying.
We have now reached another turning point in the privacy saga. On Oct. 25, the European Union's Directive on Data Protection became effective. This directive requires that the member states of the European Union must pass specific legislation to protect the privacy of information about individuals and to prohibit the transfer of data that can identify an individual to other countries that do not provide an "adequate" level of data protection.
If the laws that are being adopted to comply with the directive were to be strictly enforced, no U.S.-based business or individual would be able to import data, such as personnel files or credit card transaction logs, from Europe.
The U.S. government is currently trying to deal with this issue. Because the government is unwilling to pass laws to protect personal information, it is trying to get the Europeans to agree to a "safe harbor" for U.S. companies that want to import European data. The U.S. proposal is to publish a list of companies that agree to abide by certain privacy protection principles.
There are many things wrong with the U.S. government's idea, not the least of which is that no credible penalty is proposed for companies that agree to the principles and then proceed to ignore them.
The principles are good ones, but they are expressed in generalities. It is easy to see many ways that a company could evade the privacy restrictions.
This proposal reminds me of an internal Boston Globe headline that was accidentally printed during the Carter administration. This proposal is "more mush from the wimp," the headline read. The U.S. government is being a wimp in the whole area of privacy. It is using excuse after excuse to avoid confronting the fact that for far too many U.S. businesses, personal information about you is just another commodity to sell to all, not just the highest bidders.
If there was serious concern about the privacy of individuals, a proposal of this type would have called for clear, unambiguous laws that would make the unauthorized disclosure of private data a felony. Without such laws, this is mush.
Disclaimer: A boathouse on the Charles River is Harvard's closest approximation to a harbor, so the above is my mush.
Bradner is a consultant with Harvard University's University Information Systems. He can be reached at sob@ harvard.edu
Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.