Could businesses be forced to forget?
Jinfo Blog

By Tim Buckley Owen

Item

Businesses currently rushing headlong into social media applications may find themselves having to put the brakes on if new European privacy laws come into effect. And, although the Europeans and Americans may currently think differently on matters of privacy, there are signs that the United States may not be far behind.

“Transparency” and “privacy by default” should underpin people’s privacy rights, said European Justice Commissioner Viviane Reding in a recent speech to the European Parliament Privacy Platform. But she also wants EU privacy law to encompass the right to be forgotten, and protection regardless of data location.

Being forgotten would mean that data controllers would have to prove that they needed to keep someone’s personal data, rather than that person having to prove that collecting it wasn’t necessary. And it wouldn’t matter where your data was processed; if you’re a European citizen you’d be entitled to European levels of privacy in all circumstances.

Which raises intriguing issues about the US-based ZoomInfo’s view that business and personal information should be regulated differently. In a recent LiveWire posting, my colleague Jan Knight pointed out that it’s not always easy to make that distinction – but in any case, if the EU legislation goes ahead, it won’t cut any ice where European citizens are concerned.

So maybe that’s why the Obama administration is also thinking seriously about beefing up its online privacy laws. Last December the Federal Trade Commission told Congress that it supported the idea of giving online consumers a persistent “do not track” setting – because industry efforts to improve consumer control of behavioural advertising had “largely fallen short”.

Now in a testimony, Lawrence Strickling of the National Telecommunications & Information Administration has set out proposals to the Senate Commerce, Science & Transportation Committee for a privacy bill of rights. Baseline protection would be enforced by the Federal Trade Commission, and a legislative framework would provide incentives for the development of codes of conduct and continued privacy protection innovation.

If that all sounds a tad permissive compared with the more prescriptive European approach – well, perhaps that reflects differing attitudes to privacy on either side of the Atlantic. Nevertheless the Economist suggests that, if the US administration does pass a privacy bill, it may ease some of the legal hoop jumping that American firms currently have to go through to be allowed to process European data.

Pinsent Masons law firm privacy law expert Rosemary Jay believes that the European Commission might find it pretty difficult to draft a law that has the extra territorial impact it aspires to. But even the attempt should be sufficient to make businesses think carefully about what may and may not be permissible with social networks in the future.

« Blog