Reading through the respective December 2010 privacy reports from the Federal Trade Commission (FTC) and Department of Commerce (DoC), one cannot help but be struck by the Obama Administration’s seeming desire to make America’s tech sector — and the regulatory regime that governs it — more closely resemble Europe’s. The push for an ambitious new “privacy framework” and set of “fair information practices” is just a riff borrowed from the EU data directive. And although the Obama team stops short of calling privacy a “dignity right” as many European policymakers are prone to do, it’s clear from both the FTC and DoC reports that that’s where they want to take us.
It’s interesting to me, though, that the Obama Administration relies on two fundamentally flawed rationales for the “European-ification” of American privacy law. In this regard, I’ll reference some passages from the DoC’s report that appear in the section on “The Economic Imperative” for a new regime, which appears on pages 13-16 of the report.
Myth #1: Privacy Regs Are Needed to Get More People Online or Using Digital Technology
First, the DoC pulls out the old saw about the need for expanded privacy regs to ensure greater online trust and, as a result, promote increased online interactions. The report claims that “maintaining consumer trust is vital to the success of the digital economy” and that “an erosion of trust will inhibit the adoption of new technologies” (p. 15). The problem with the theory that online commerce or consumer interactions online are somehow being thwarted by a lack of more privacy regulation is that it is plainly contradicted by the facts.
Interestingly, you need do nothing more than scan back just a couple of paragraphs in the DoC report to find some of those facts! For example, on pg. 14, the report notes: “The Internet is also increasingly important to the personal and working lives of individual Americans. Ninety-six percent of working Americans use the Internet as part of their daily life, while sixty-two percent of working Americans use the Internet as an integral part of their jobs.” Does the DoC not see the contradiction here, or is the Obama Administration claiming that we cannot rest until we move the needle from 96% to 100%?!
Then we have the DoC’s claim that “an erosion of trust will inhibit the adoption of new technologies.” Really? What, then, are we to make of the 500 million people who have flocked to Facebook despite repeated claims by some that it is a privacy pariah? And there are plenty of other examples of the explosion of online activity over the past decade. The fact is, online participation and technology adoption are growing like wildfire. If you need more evidence, go through the data sets from the Pew Internet & American Life Project about Internet usage over time and try to find one metric that is decreasing. [Just as an unrelated aside, I am still sometimes astonished by how many people use eBay despite continuing concerns about online fraud, which is a far more serious and legitimate "harm" than most supposed privacy violations. Yet, eBay is now the world's largest online marketplace with more than 90 million active users globally and $60 billion in transactions annually, or $2,000 every second.]
In sum, advocates of increased privacy regulation have fed the DoC a catchy line about the need for more privacy regulation in the name of encouraging greater online participation and the DoC has bought into that theory despite a lack of evidence that there is any real problem here.
Myth #2: Privacy Regs Are Needed to Promote the Competitiveness of U.S. High-Tech Firms
Second, we hear the DoC speak of the need for “interoperability” or harmonization of privacy policies internationally to facilitate smoother online commercial interactions or data flows. Despite the report’s admission that “a considerable amount of global commerce takes place on the Internet [and] global online transactions currently total an estimated $10 trillion annually” and is growing, the DoC continues on to argue that:
the lack of cross-border interoperability in privacy principles and regulations creates barriers to cross-border data flow and significant compliance costs for companies. Improving the global interoperability of data privacy approaches could enable increased exports of U.S. services and… support the overall objective of creating jobs by promoting exports. Thus, commercial data privacy considerations are vital not only to our domestic commerce, but also to international trade.
In other words, says the DoC, things are pretty good right now, but they will get a lot better once we harmonize privacy regulations in the direction of the E.U. and other regions. But here’s the problem with that theory: The DoC is assuming that the benefits of regulatory harmonization — which, to be perfectly clear, would arrive in the form of increased regulation on U.S. operators – would outweigh the cost of complying with those new rules.
The DoC says it wants to “prevent conflicting policy regimes from serving as a trade barrier” (p. 20), but should the U.S. impose burdensome new regulations on American companies to achieve that goal? Would we really be better off if all U.S. firms and policy more closely resembled the E.U. in this regard? To answer that question, you might conduct the simple experiment of stopping the average person in the street — here in the U.S. or even abroad — and asking them to name five major U.S. digital economy companies and then see if they can even name one major European competitor in the same arena. Needless to say, it’s hard to find many European counterparts that rival Google, Amazon, Apple, Facebook, eBay, Microsoft, etc. Now, why is that? Why is it that the information technology sector has thrived in America and that U.S. companies are leaders in many of their respective sectors across the globe? Might it be precisely because we did not follow others down the path of “data directives” and heavy-handed, top-down regulation of the Internet more generally?
Do you want some empirical evidence for why it’s a bad idea to achieve parity or harmonization in the fashion the DoC suggests? Well then, consider this recent study by Avi Goldfarb and Catherine Tucker which found that “after the [European Union’s] Privacy Directive was passed [in 2002], advertising effectiveness decreased on average by around 65 percent in Europe relative to the rest of the world.” They argue that because regulation decreases ad effectiveness, “this may change the number and types of businesses sustained by the advertising-supporting Internet.” Regulation of advertising and data collection for privacy purposes, it seems, can affect the global competitiveness of online firms.
The other problem with the DoC’s appeal for harmonization of privacy regulatory regimes through increased regulation is that it sets a horrible precedent. At least thus far this has not been the approach the U.S. government has taken in most other Internet policy contexts, and with good reason. Think about this in the context of speech controls. When we see the Europeans or other regions and countries stifling free speech and expression online, has our response been to say, “Well, in the name of policy harmonization and improving cross-border interoperability, we Americans need to accept the wisdom of censoring the Net.” Of course not! That would be insane. Instead, when confronted with conflicting regulatory regimes abroad, our response here in the States has usually been to proudly boast to the world that we have the more sensible approach to Net regulation, which is to say, it should be tightly limited so as not to stifle speech or commerce. I really don’t care if you want to call that “American exceptionalism” or whatever else; I just think it’s plain old common sense.
And yet, in the case of privacy regulation, the Obama Administration’s Department of Commerce wants to throw that notion to the wind and harmonize in the direction of more regulation of U.S. companies. Isn’t the Commerce Department supposed to be in the business of helping to promote U.S. trade, exports, commerce, and global competitiveness? If so, the right approach to “leveling the playing field” in this context should be the same as it is in relation to speech policy or trade law: the rest of the world should deregulate down to our level; we should absolutely not regulate up to theirs.