How does the USA protect data privacy?
A free flow of information under constant scrutiny.
…
The European Union and the USA have diverging ideas about data privacy. The main difference between the two is that the USA considers personal data as a commercial good whereas the European Union considers it as a personality attribute.
The US government has always been in favor of the free flow of information and the self-regulation of the market. The American government will either trust private companies to apply fair privacy policies, or will set rules at a sector level.
For instance, the Federal Trade Commission passed a few laws at an industry level such as the Fair Credit Reporting Act (1970), the Children’s Online Privacy Protection Act (1998) or the Health Insurance Portability and Accountability Act (1996). But there is no legislation to protect personal data which is being collected and exchanged in every day commercial transactions. Resellers, travel agencies, charities, tabloid editors are all free to collect and communicate consumers’ personal data.
Nonetheless, in the USA, consumers are protected by privacy enhancing technologies (PET). PET is defined as a set of computer tools, applications and mechanisms which – when integrated in online services or applications – allow online users to protect the privacy of their personally identifiable information provided to and handled by such services or applications. An example of a good PET is the Anonymizer which hides the real online identity (email address, IP address, etc) and replaces it with a non-traceable identity (disposable email address, random IP address, pseudonym, etc). Such tools can be applied to email, web browsing, P2P networking, VoIP, or instant messaging.
American consumers’ data privacy is also protected by the electronic privacy information centre (EPIC). EPIC acts as an interest group which lobbies Washington. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy. It pursues a wide range of activities including privacy research, public education, conferences, litigation, publications, and advocacy. EPIC even publishes the online EPIC Alert every two weeks with information about emerging privacy and civil liberties issues. Some of its most recent campaigns aimed to raise awareness on airport surveillance and “stop digital strip searches”, but the organization is also monitoring the latest developments on cloud computing.
In a similar fashion, TRUSTe is an American independent organization which provides privacy seals to help businesses to promote online safety and trust, and guide consumers to websites that protect their privacy online. Companies can choose from privacy certification and compliance services that include the Web Privacy Seal, the EU Safe Harbor Privacy Seal and the COPPA Kid’s Seal Program.
Safe harbor is a framework designed by the U.S. Department of Commerce to comply with the European Commission’s Directive on Data Protection (1998) – which prohibits the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection. Certifying to the safe harbor helps American companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws.
Last but not least, at a public services level, the US government adopted its Privacy Act in 1974 which applies to the whole of the federal administration. It ensures the principle of transparency, the right to access data and modify it, and limits data storage/usage/diffusion. Moreover, every administration hosts a chief privacy officer (CPO) who makes sure that the Privacy Act is respected internally and who reports to a separate White House department called the office of management and budget (OMB).
In their 2009 report entitled Private Life in a Time of Digital Memory, French Senators Yves Detraigne and Anne-Marie Escoffier come to a conclusion that the USA is somehow ahead of the European Union in terms of effective data privacy protection. The main critic that the EU often receives is that it does have a lot of good broad principles about data privacy but if a consumer actually wants to try out his right to completely remove his personal data from a network, there is no-one to turn to for help. There is also no-one acting independently to raise awareness on personal data protection. Even though these are just critics, the EU seems to be lagging behind when it comes to executing its legislation.