Government and industry in the United States have started getting serious about privacy.
With the effective date of the European Union's directive on data protection getting closer, other nations have been working against an Oct. 31 deadline to convince the EU that the confidentiality and integrity of personal information is at least "adequately" observed by both government and business. The possible penalty for noncompliance is a shut-off of personal information, particularly transactional data, flowing from EU countries.
And beyond the transfer of specific data to the United States, the EU is likely to want assurances that personal information collected, used and disseminated through the Internet is also protected, regardless of whether the site owner is specifically doing business in EU countries. EU citizens have access to U.S.-based Web sites, and if those Web sites do not pass scrutiny, then European data commissioners may decide to take legal action.
The EU has been working on its data-protection directive for most of this decade, and the United States has tried to ignore it. When they realized the issue would not go away, both government and industry lauded the privacy laws already on the books, such as the Privacy Act of 1974, the Fair Credit Reporting Act, the Right to Financial Privacy Act and the Video Rental Protection Act. Yet they haven't acknowledged that a sectorial approach, while ameliorating some of the worst problems, also illustrates how silly some fixes can be. Vice President Al Gore recently complained that video-rental records are better protected than medical records. What Gore implicitly recognized is that political circumstances -- in the case of the Video Rental Protection Act, the unauthorized disclosure of Supreme Court nominee Robert Bork's video-rental records -- frequently lead to bad laws. Protecting the privacy of video rental records while refusing to protect the privacy of medical records shows Europeans and others interested in a seamless scheme of privacy protection just how random and ill-considered our patchwork really is.
To its credit, the Clinton administration has recognized the problem and has been willing to take more action than previous administrations. However, budget constraints have led the administration to place emphasis on a potpourri of small, inexpensive fixes, and the solution supported by the administration has been self-regulation -- let industry develop practices that will be acceptable to the Europeans and provide the flimsiest gloss of government oversight to patrol industry actions.
Some of the most concentrated action has been at the Federal Trade Commission (FTC), where Commissioner Christine Varney, well-connected to the White House, championed efforts to coerce industry into providing better privacy protections, using the FTC's authority to police unfair business practices as a cudgel. It didn't hurt that stories about potential large-scale commercial dissemination of personal information, such as Lexis-Nexis' P-Trac program, were announced and then quickly withdrawn under a barrage of public criticism.
The FTC investigated children's Web sites, examining issues surrounding the collection of personal information from children, particularly without parental consent. The commission's report indicated that privacy protection at such sites was abysmal, and it recommended some kind of congressional action. Gore this summer supported the FTC's call for legislation in this area. But the administration is still unwilling to recommend government regulation when it comes to adults. It has been clear that the government is giving business the benefit of every doubt in developing a feasible self-regulatory solution. Varney, who left the commission to return to private practice, is spearheading the Online Privacy Alliance, an industry group pledged to cover aspects of fair information practices on its Web sites.
Recently the alliance has added a feature that would provide a logo displayed by members, a kind of seal of approval indicating that the site met certain standards. So far, the idea of standardized logos has not caught on; Truste,