Posts tagged as:

The OECD Privacy Guidelines at 30

by on September 29, 2010 · 0 comments

If you blinked, you missed it. Heaven knows, I did. The OECD privacy guidelines celebrated their 30th birthday on Thursday last week. They were introduced as a Recommendation by the Council of the Organization for Economic Cooperation and Development on September 23, 1980, and were meant to harmonize global privacy regulation.

Should we fete the guidelines on their birthday, crediting how they have solved our privacy problems? Not so much. When they came out, people felt insecure about their privacy, and demand for national privacy legislation was rising, risking the creation of tensions among national privacy regimes. Today, people feel insecure about their privacy, and demand for national privacy legislation is rising, risking the creation of tensions among national privacy regimes. Which is to say, not much has been solved.

In 2002—and I’m still at this? Kill me now—I summarized the OECD Guidelines and critiqued them as follows on the “OECD Guidelines” Privacilla page.

The Guidelines, and the concept of “fair information practices” generally, fail to address privacy coherently and completely because they do not recognize a rather fundamental premise: the vast difference in rights, powers, and incentives between governments and the private sector. Governments have heavy incentives to use and sometimes misuse information. They may appropriately be controlled by “fair information practices.” Private sector entities tend to have a balance of incentives, and they are subject to both legal and market-punishments when they misuse information. Saddling them with additional, top-down regulation in the form of “fair information practices” would raise the cost of goods and services to consumers without materially improving their privacy.

Not much has changed in my thinking, though today I would be more careful to emphasize that many FIPs are good practices. It’s just that they are good in some circumstances and not in others, some FIPs are in tension with other FIPs, and so on.

The OECD Guidelines and the many versions of FIPs are a sort of privacy bible to many people. But nobody actually lives by the book, and we wouldn’t want them to. Happy birthday anyway, OECD guidelines.

SHARE: 0 comments

Privacy Coalition: Scrap the DHS Privacy Officer

by on October 23, 2009 · 16 comments

A large group of privacy advocacy groups and individuals sent a letter to the leadership of the House Homeland Security Committee today, suggesting that the role of Chief Privacy Officer at the Department of Homeland Security should be scrapped.

The DHS CPO has shown an extraordinary disregard for the statutory obligations of her office and the privacy interests of Americans. Outreach is certainly important, but the job of Chief Privacy Officer is not to provide public relations for the Department of Homeland Security. The job as defined in the statute is to protect the privacy of American citizens, through investigation and oversight. If an internal office cannot achieve this, then the situation calls for an independent office that can truly evaluate these programs and make recommendations in the best interests of the American public.

The current CPO, Mary Ellen Callahan, has not been on the job long enough to lay all these concerns at her feet, but the substance of the complaint is valid. Does the Privacy Office actually help protect privacy, or has it, over years, favored the paperwork function over privacy protection, falling into the role of apologist for DHS programs?

I serve on the DHS Privacy Committee, which advises the CPO. The views stated here, of course, are my own.

I wrote on Privacilla in 2001: “As a management matter, government privacy officers may become antagonistic to the agencies with whom they deal, and lose effectiveness, or they may be captured by agencies and become professional apologists for government erosion of privacy.”

And when I joined the committee four years later, I expressed my concern with the potential for co-option, saying in a Privacilla press release: “I have asked friends and family members to beat me up if I change or mute my advocacy for privacy, civil liberties, and freedom.”

SHARE: 16 comments