Privacy and Security TidBits

The Privacy Law Salon: Dialogue with Policymakers

Yesterday, the first Privacy Law Salon in Washington DC, took place at the National Press Club. The Privacy Law Salon: Dialogue with Policymakers, was “a unique meeting of the most experienced practitioners and corporate executives dealing with privacy law matters, and a unique opportunity to interact with the policymakers affecting the future of privacy.”

The purpose of the Salon was “to facilitate a high-level exchange of ideas and in-depth dialogue on cutting-edge and emerging issues that are vital to clients, corporations, government and the public interest.”

The Salon was held under the Chatham House Rule.

Some of the main points discussed included:

1. Do Not Track: The DNT system will be in place within a year from now.

2. EU and Global Privacy Interoperability:

  • The global debate of the EU prescriptive system v. the US enforcement system will take center stage in the coming year.
  • The global flow of information has been rephrased as a trade policy issue: the use of mutual recognition and enforcement arrangements, so information can flow freely.
  • Many are uncomfortable with the notion of the US seeking “adequacy” status from the EU. The terms “interoperability” and “mutual recognition” are much preferred.
  • The single most important action from the US towards “interoperability” with the EU would be the passing of the “Privacy Bill of Rights” proposed by The White House last February, but it is very questionable whether this bill will be passed within the next year.
  • Instead, the Safe Harbor and BCR Frameworks will probably be expanded.

3. Context:

  • The new “context of interaction “ standard, recommended in the FTC  report of last March, for establishing whether the consumer needs to be provided with privacy choice when personal data are collected, prompted a lot of participants to demand clarification as to exactly what that new standard meant: Is the new standard to be measured by the “Expectation of Privacy” from the consumer, or should the absence v. possibility of harm to the consumer be preferred as a measuring rod in order to determine whether the collection of personal data happened within the “context of interaction”? The latter seemed to be the more popular view.
  • This lead to a request from participants for more clarity and guidance as to what exactly constitutes “privacy harm”.

4. Hot Topics: As current “hot topics” in Privacy were mentioned:

  • Social Media Policies and their need for compliance with the NLRB rules.
  • The need for coherence in policymaking and applications of the rules.
  • The need for more technical knowledge from the regulators.
  • The gaps in health data coverage by HIPAA. The example was cited of the physician who does not accept health insurance, and therefore is not covered by HIPAA.
  • The “Cloud” and access to personal data by Governments.

5. FTC Enforcement Issues: Participants expressed a desire for more transparency and for more disclosure of standards used in FTC settlements. It was pointed out that, even though the right to appeal the FTC settlement decisions exists, it has never been exercised.

The lack of jurisprudence in this area was unanimously deplored.