Thursday, January 23, 2014

FTC enforcement actions against 12 companies for deceptive practices re: EU/US safe harbor certifications

On January 21, the FTC issued proposed settlement agreements against 12 US companies for deceptive claims that the companies were in compliance with the EU/US safe harbor data protection self-certification program. The public has 30 days to comment on these proposed settlements (see far below for instructions and links, or just read through the release by the FTC linked above).

What does this mean? In simple terms, the European Union has constitutional data protection rights that the U.S. does not. Some states in the U.S. include the right to privacy in their constitutions, but as a nation - we do not. Please do not get sidetracked on the belief that the U.S. does have a right to privacy in its constitution (which is a common misconception) - I can cover that in more detail in another post, but for now, just accept that the U.S. does not have an explicit constitutional right to privacy even though the U.S. Supreme Court held that the constitution has penumbras, one of which is the right to privacy. Back to topic.

The U.S. also does not have general federal data protection laws. We have sectoral laws - financial, health, education, etc. - and states have laws - notably, Massachusetts, California, and Texas. Because of this, the U.S. does not meet the EU standards for data protection, yet many U.S. companies are global and collect data on EU individuals. Unless there is some mechanism recognized by the EU to protect the data on these individuals, the U.S. companies are not permitted to export that data from the EU (and in fact, some EU countries have very strict standards). Let's stick to just the EU in general and not delve into the spiderweb of regulations and laws generated by the various member states.

Did you catch the point above about exporting data on EU individuals? Exporting data does not mean merely putting data in a box and mailing it. It also means electronic access to data from outside the EU borders. Thus, the issue at hand with the FTC.

Approximately 3000 U.S. companies have self-certified to the EU/US safe harbor - a set of principles put in place, overseen by the U.S. Department of Commerce, to enable these companies to legally export data from the EU to the U.S. The FTC enters the fray when companies state on their websites that they adhere to the safe harbor and yet do not do so. Such statements then become deceptive or false claims.

Between 2009 and 2012, only 10 companies faced enforcement by the FTC. 4 years. Now, in one fell swoop, 12 actions. It may be in response to the current scandals about U.S. data leaks or the current proposed EU data protection laws...or a combination of many things. The point is - the FTC is taking affirmative action in this regard. The proposed settlements may not seem incredibly meaningful, but they are one step in the right direction and may be a guidepost for the future. Perhaps U.S. companies will be held accountable. Perhaps the U.S. will pay more attention to protecting the information of its citizens. Perhaps. Perhaps. Perhaps.

Perhaps you will read the proposed settlements and let the FTC know what you think about them. Links below.

Comments in electronic form should be submitted using the following web links:
Apperian, Inc.: Company specializing in mobile applications for business enterprises and security;
Atlanta Falcons Football Club, LLC: National Football League team;
Baker Tilly Virchow Krause, LLP: Accounting firm;
BitTorrent, Inc.: Provider of peer-to-peer (P2P) file sharing protocol;
Charles River Laboratories International, Inc.: Global developer of early-stage drug discovery processes;
DataMotion, Inc.: Provider of platform for encrypted email and secure file transport;
DDC Laboratories, Inc.: DNA testing lab and the world’s largest paternity testing company;
Level 3 Communications, LLC: One of the six largest ISPs in the world;
PDB Sports, Ltd., d/b/a Denver Broncos Football Club: National Football League team;
Reynolds Consumer Products Inc.: Maker of foil and other consumer products;
Receivable Management Services Corporation: Global provider of accounts receivable, third-party recovery, bankruptcy and other services; and
Tennessee Football, Inc.: National Football League team.

Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.


