Congressional Internet Caucus Talks Privacy

By Peter Swire and Steven Beale

Posted on May 17, 2012


On May 14, the Advisory Committee to the Congressional Internet Caucus hosted a lunch discussion to a standing-room crowd, entitled “New Internet Privacy Legislation: What the White House, Federal Trade Commission and the European Commission are Recommending.” The Federal Trade Commission’s Maneesha Mithal began the event with a briefing, followed by a panel discussion chaired by the Future of Privacy Forum’s Chris Wolf. The panelists were Justin Brookman (Center for Democracy and Technology), Steve DelBianco (Netchoice), Rachel Thomas (Direct Marketing Association), and Peter Swire (Professor of Law, Ohio State).

Mithal presented an overview of the FTC’s recent privacy report. She affirmed that unless Congress enacts legislation, the actions called for in the Report are best practices but not generally enforceable.

After Mithal, the panel discussed a variety of issues including: comprehensive privacy legislation in the U.S., the White House’s multi-stakeholder approach, data breach notification laws, industry codes of conduct, E.U. attitudes towards the U.S. privacy framework, and the E.U.’s right to be forgotten. Wolf began the panel by quoting President Nixon’s remarks at the State of the Union, almost 40 years ago, calling for passage of comprehensive privacy legislation. He then asked: should Congress pass privacy legislation now, and what has changed since Nixon’s speech? Thomas discussed the great strides that self-regulatory efforts have made and pointed out that the Obama administration has praised self-regulation. Swire compared the situation today to the period in the late 1990’s when the U.S. enacted HIPAA, Gramm-Leach-Bliley, and the Children’s Online Privacy Protection Act, as well as negotiated the Safe Harbor with the E.U.  The chance of some form of privacy legislation passing, therefore, should not be discounted.  Brookman emphasized that the scope of surveillance technology is much greater today than when Nixon delivered his speech.

Wolf also asked the panelists whether they thought the EU would ever recognize the adequacy of U.S. privacy laws unless the U.S. passes comprehensive privacy reform. DelBianco believed that the U.S. should not change its practices just to please Europe. Brookman agreed, but thought that the U.S. should pass comprehensive privacy legislation based on its own merits. Swire, meanwhile, pointed out that many U.S. companies have substantial assets and employees based in Europe. Such companies cannot ignore applicable EU law.  If the U.S. does not find an approach for interoperable privacy practices with Europe, then such companies may have greater reason to use EU law as their global default.

The panelists returned repeatedly to the pros and cons of self-regulation versus legislation.  This issue has been a centerpiece of U.S. privacy debates since the mid-1990’s.  Self-regulation generally works best when the actors believe they have to adopt good practices, or else rules will be come from a different source.  Interest in privacy is high today, as illustrated by the big turnout for this event.  But self-regulation may not work as effectively when the public’s concern turns to other issues.

Peter Swire is a Professor at the Moritz College of Law of the Ohio State University, and works on privacy issues with a number of organizations. Steven Beale works with Swire at the Future of Privacy Forum.