Compatibility and shared principles take centre stage at the EU Conference on privacy and protection of personal data held in Washington, D.C. and Brussels
This post was written by Cynthia O'Donoghue.
A joint US-EU Conference on Privacy and Protection of Personal Data took place in Washington, D.C. and Brussels in March and coincided with the release of a joint US-EU Privacy Statement.
Keynote speeches were delivered by Viviane Reding, the Vice-President of the European Commission; US Congressman Ed Markey (D-Mass.); and Julie Brill, Commissioner of the FTC. Each of the keynote speakers welcomed the cooperation between the EU and the US, and the potential to work together toward common standards.
Viviane Reding stated that solid protection was needed to gain user trust for a digital economy to flourish. She welcomed US activity in the area of data privacy, as there was potential for the EU and the US to work together on a “Gold Standard”, which would support the joint commitment made by President Obama and EU President Barroso during the November 2011 EU-US Summit.
Rep. Markey felt the US could learn a lot from the EU given that US citizens have the same concerns as EU citizens when it comes to data privacy, and that privacy and data protection are based on a key principle of “Knowledge, Notice and No” – people want to know what is happening, and they want options for control and the ability to say “no”. He believes that consumers should have control over their personal information. While the proposed EU Regulation sets a high bar for the US, Rep. Markey felt this was the right model for the US to follow. Rep. Markey highlighted the problems with online behavioural advertising, the risks to children, and the reasons for his introduction of the “Do Not Track Kids Act”.
Julie Brill urged the US and the EU to “shape the future of privacy”, and to focus on similarly based principles and underlying compatibility of their respective frameworks, such as providing effective tools for consumers and giving users access to data which is accurate and secure. She commented that the FTC is committed to “enforcement across borders” and noted that the FTC consent-orders relating to Google and Facebook protect users worldwide.
The discussions highlighted the differences in approach between the EU and the US, with EU’s draft Regulation seeking to create a single system across 27 member states which would cut red tape, reduce fragmentation and be good for business, and which had a common goal with the White House’s Consumer Privacy Bill of Rights, which seeks to also build on an existing framework. Most speakers agreed that there was little disagreement between the EU and US in relation to basic values, and David Vladeck of the FTC felt that Privacy by Design should be a basic pillar of both EU and US policy.
Baroness Sarah Ludford, a member of the EU Parliament, commented that the safe harbor framework was a good basis for increasing trust for transfers of data from the EU to US, and she was optimistic about developments between the US and the EU and the key similarities in proposed regulations even if the mechanisms are different. In the future, she hoped to see an umbrella agreement between the US and the EU which would provide a stable, permanent framework.
The recurring theme of the discussions was how far the EU and the US had come, and that the focus should be on common shared points rather than on differences. Interoperability was mentioned frequently by a number of participants, as well as the idea of harmonisation and global, flexible regulation. Speakers felt the EU and the US should work towards elements such as common principles, common implementation and common enforcement, including the imposition of high sanctions and fines which are vital to successful enforcement.
The US-EU Joint Statement on Privacy seeks to work towards a consensus on how to take emerging privacy issues in line with the objectives of increasing trade and regulatory cooperation, and the US and EU each reaffirmed their commitment to the US-EU Safe Harbor Framework.
A full programme of the conference can be found here.