Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

The Washington post John Edwards
4 March 2015

washington edit

I’m in Washington DC to talk privacy, or data privacy, or data protection, or however else this growing international preoccupation is described in different jurisdictions, sectors and economies.

In San Francisco on the way here, I picked up a copy of the New York Times. On the front page of its business section was an article about a Bill to be introduced by President Obama, the Consumer Privacy Bill of Rights Act, which quotes fellow kiwi, and Microsoft’s Chief Privacy Officer Brendon Lynch’s blog post on the subject.

Brendon will be one of the many delegates at this week’s International Association of Privacy Professionals (IAPP) Global Privacy Summit, the main reason for me being here.

When I started working in this field in the early 1990s, I could probably name most of the people in the world whose work included a significant privacy focus. These days it is area of law and public policy that engages tens of thousands worldwide. The IAPP has undertaken the significant task of providing some unity and coherence to the discipline, despite the widely divergent approaches from each side of the Atlantic and across the Asia Pacific region.

As the largest conference in the world of its type, it also attracts a number of side events, in order to capitalise on the agglomeration of expertise. This week I will be visiting the White House to meet with officials, attending a Big Data working lunch and Privacy Risk Framework Project Workshop, a “dinner dialogue" at the Brookings Institution on “Privacy Security and the US-Europe Relationship”, meetings with the NSA and others, including my counterparts at the Federal Trade Commission (FTC). I’ve already met with privacy officers and other senior officials at the 240,000 strong Department of Homeland Security, and  the Department of Human and Health Services which administers and enforces regulations governing health information. 

I was particularly impressed with the approach taken by the Department of Homeland Security. You might assume that an organisation formed in the immediate aftermath of 9/11 would be secretive and conservative in its policies on personal information. Not so. The department regularly undertakes, and publishes, privacy impact assessments on aspects of its activities. It sees transparency as a key element of the social contract under which it exercises state power. The department even has a policy (although not required by law) of giving access to information and its complaints processes to non-US citizens. If you’ve had a bad experience with the US Transportation Security Administration or border officials, you are entitled to have that looked into.

I asked my colleagues at the Department of Human and Health Services what the single most effective tool they had at their disposal to ensure compliance with the health data privacy rules. Their answer, the ability to levy heavy fines on recalcitrant agencies.

Since so many international colleagues are in Washington, the FTC has also kindly offered to host a meeting of the executive committee of the International Conference of Data Protection and Privacy Commissioners, which I chair.

The US has a different regulatory model to the EU, and at times there has been tension as a result of deep cultural and legal differences.  Last year’s European Court of Justice decision on the so-called “Right to be Forgotten” is an excellent example of the divergence between the rights to freedom of expression and to profit from technological innovation, and the European model with its fetters on data aggregation and use. There are common elements though, and scope to bridge them, which are being explored here, and throughout the year.

On Sunday afternoon, after waiting in the snow and rain to climb the Washington Monument, I visited the National Holocaust Museum nearby. Among the many sobering images and displays was another reminder of the origins of one strand of thinking about privacy.

I’ll keep you posted on the rest of the week’s activities.





No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.