Simply Security - News, Views, and Opinions from Trend Micro

Posted on April 3rd, 2012 in Current News by Simply Security | Be the first to comment | Tags: Compliance & Regulations

EU officials continue to urge their American counterparts to step up data privacy enforcement efforts.

The United States and European Union (EU) have emerged as the global authorities on data privacy awareness and enforcement. But while the two share similar views on the importance of protecting personal information from accidental disclosure and willful abuse, officials have not always seen eye to eye on the logistics.

Earlier in the week, regulators from both sides of the Atlantic came together for the High Level Conference on Privacy and Protection of Personal Data, an event simultaneously hosted in Washington, D.C., and Brussels. European Commission (EC) vice president Viviane Reding and U.S. Secretary of Commerce John Bryson led the discussion, highlighting their shared responsibility in safeguarding the records of private citizens.

"The European Union and the United States are global leaders in protecting individual freedoms, including privacy, while at the same time fostering innovation and trade that are so critical to the world economy, notably in the present times," a joint statement read. "Stronger transatlantic cooperation in the field of data protection will enhance consumer trust and promote the continued growth of the global Internet economy and the evolving digital transatlantic common market."

Each side has made proactive steps toward these expressed goals in recent weeks, with the EC proposing several fundamental data privacy reforms, including the unification of regulatory protocol across member states. Conversely, the United States has released its Consumer Privacy Bill of Rights, and legislators are currently debating its passage.

There has also been an emphasis on bolstering the interoperability of data privacy enforcement in an increasingly globalized economy, and admiration has been expressed from Americans taking an interest in the Europeans' "one-stop-shop" model that aims to establish a centralized ruling authority. 

"As the EU and the United States continue to work on significant revisions to their respective privacy frameworks over the next several years, the two sides will endeavor to find mechanisms that will foster the free flow of data across the Atlantic," officials added.

But despite the political rhetoric and diplomatic pleasantries on display, some pointed words were exchanged between panel speakers as well. One of the most prevalent criticisms was the notion that U.S. enforcement efforts have lacked sufficient strength to engender a significant impact in the field.

According to PCWorld, EC director of fundamental rights and citizenship Paul Nemitz took issue with the fact that American regulators have focused more on holding companies accountable to their own self-policing promises rather than intervening to establish stronger industry- and sector-wide standards.

Nemitz even traded barbs with Department of Commerce general counsel Cameron Kerry, suggesting that the Federal Trade Commission (FTC) was a global leader in public relations as opposed to data privacy protection. FTC officials took this criticism in stride, according to PCWorld, suggesting that publicizing their enforcement efforts was a crucial means of deterring future transgressions.

Nevertheless, it would be hard to discredit the argument that EU regulators have ruled their regional data privacy arena with a stronger fist. According to PCWorld, Nemitz suggested that the Obama administration's "multi-stakeholder," cross-sector approach does not "carry the legitimacy" of decisions made by elected officials. Instead of allowing the formidable lobbying resources of telecommunications companies to come into play, for example, the EU has proven itself willing and able to stand up to erring Internet service providers with steep sanctions.

According to the Hill, the U.S. government has been most active in regulating the health IT arena, dictating how medical offices and service providers handle consumer data and stepping up audit schedules. While the Data Privacy Bill of Rights provides clear recommendations for how Internet companies should manage sensitive information, it remains to be seen whether those provisions will turn out to be more bark than bite.

Data Security News from SimplySecurity.com by Trend Micro