U.S. firms would be more competitive and better able to comply with foreign privacy laws if the United States had a broad law protecting consumer privacy online, a Commerce Department official told a House panel on Thursday.
“It would be helpful and I think it would help the competitiveness of our businesses if we had baseline privacy protections that are flexible and take into account really the changing economy, [and] changing technologies,” Nicole Lamb-Hale of Commerce’s International Trade Administration told the Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade.
Some privacy advocates have called on the EU to get tougher with the United States and require it to harden up the current mix of industry self-regulation and some specific privacy laws related to health and finance. They say industry self-regulation has failed to protect Internet users who are increasingly being tracked by companies that collect information for advertising purposes. The Obama administration and even some tech firms such as Intel and Microsoft have called on Congress to pass legislation that would establish baseline privacy protections.
The House panel examined how the European Union’s privacy law, which was first adopted in 1995, affects U.S. firms and what lessons it may provide U.S. policymakers. The law bars the flow of personal data about EU citizens to countries that do not have “adequate” privacy protections.
To ensure that U.S. firms would not be harmed by the law, the U.S. government negotiated a “safe harbor” in the late 1990s with the EU that allows companies to be deemed in compliance with the EU privacy law if they follow an agreed set of privacy principles.
Paula Bruening, vice president for global policy for the Center for Information Policy Leadership, said the EU law has not been implemented or enforced consistently among member states. She said it imposes burdensome administrative requirements on U.S. companies.
The EU is currently considering changes to the law to respond to some of these criticisms, but may also make it tougher. Lamb-Hale said it is unclear whether the European Union would continue to recognize the safe harbor after it revises its privacy law.
The Trans Atlantic Consumer Dialogue, a coalition of nearly 80 European and U.S. consumer groups, wrote the subcommittee earlier this week saying there is much the United States could learn from the Europeans on privacy given the rising levels of privacy breaches in the United States.
Ohio State University law professor Peter Swire, a privacy adviser in the Clinton administration, noted that countries outside of Europe have been passing privacy laws based on the EU directive. He said U.S. companies could face problems moving data out of those countries as well.
However, Consumer Data Industry Association President Stuart Pratt told National Journal after the hearing that he believes the cost of complying with a U.S. privacy law would far outweigh any benefits companies would receive from it.
Subcommittee Chairwoman Mary Bono Mack, R-Calif., said she has not decided whether Congress should pass privacy legislation. She plans more hearings to explore the issue. “My purpose in holding this hearing is not to point fingers,” she said. “Instead, my goal is to point to a better way to protect privacy online and promote e-commerce.”