Computerworld - Whenever I’ve mentioned to chief privacy officers the idea of having a single set of privacy rules for their companies to abide by worldwide, their response has been unanimous: Bring it on. Why? The legal and technical costs of complying with an expanding patchwork of state, federal and foreign privacy laws are mounting for multinationals. Having one set of rules would improve the bottom line.
Data-protection commissioners from many world governments are singing the same tune. At a November conference in London, they issued a communique urging the United Nations to launch an international privacy convention toward this end.
> You and I as customers and employees would also benefit from one set of rules that we could come to know and understand — instead of the vast array of obtusely worded privacy notices that we see on Web sites and find in our mailboxes.
It’s hard to imagine a major constituency, outside of the Idaho and Michigan militias, that would be against the concept of a global privacy agreement, if it was properly worded. So, what’s the holdup?
> It all comes down to two questions that the U.S. and Europe answer differently: What does privacy mean? And is privacy an inalienable human right?
If two major blocs of the Western world can agree on the first question and just agree to disagree on the second, the stage will be set for serious negotiations.
> What does privacy mean? The word privacy is nowhere in the U.S. Constitution, and Americans have had a continuously changing view of what privacy means. I see three major turning points:
> In 1890, Chief Justice Louis Brandeis asserted that there’s a right to protection from public disclosure of private facts.
In 1960, law professor William Prosser said there are four types of privacy violations: public disclosure of private facts, false publicity, appropriation of a name or likeness, and intrusion upon seclusion.
> In 2006, law professor Daniel Solove offered four broader dimensions of privacy: information collection, information processing, information dissemination, and intrusion upon seclusion.
If you think that’s complex, consider this: The European Union has eight privacy principles, the U.S.-EU Safe Harbor privacy accord has seven principles, and Canada and Australia have each developed 10 privacy principles.
> Is it possible to bridge all of these differences into one common meaning of privacy? I think so. There’s a tremendous amount of overlap among these lists. So I’ve been sharing a list of seven global privacy principles with my CPO peers over the
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
