Jay Cline: U.S. takes the gold in doling out privacy fines
EU privacy regulators say U.S. privacy laws are too weak to protect EU personal data. But a new analysis of 358 privacy-enforcement actions paints the opposite picture.
Computerworld - The European Union is threatening to suspend the U.S.-EU Safe Harbor agreement that U.S. companies depend on to do business with Europe, claiming that America doesn't enforce its side of the bargain. Any way you cut the data, however, the U.S. dwarfs Europe and every other jurisdiction in doling out fines for data privacy violations. If privacy is measured by its weight in gold, America is the safest place on earth for personal data.
Mining the Safe Harbor
Fifteen years ago last month, the EU's newly formed Article 29 Working Party declared in its 15th opinion that U.S. laws provided inadequate protection for European citizens' personal data. The opinion expressed the widely held view across Europe that because America didn't have a single privacy law like Europe, but only a patchwork of sectoral laws, European data wasn't safe in America.
The white paper also voiced concerns about the emerging "safe harbor" agreement between Europe and the U.S. European privacy regulators thought the general privacy principles and voluntary nature of the program would result in an agreement without teeth.
In 2003, two years after the launch of the Safe Harbor, I declared in this column that the innovative agreement was already a success. About 300 companies, including prominent Fortune 500 multinationals, had joined, facilitating international commerce. Today, that number has climbed to over 4,000.
In spite of this high rate of participation, European privacy regulators stand poised to hit the nuclear button on the agreement in their ongoing reaction to revelations about U.S. government surveillance.
Without the Safe Harbor, companies would have to turn to EU "model contracts" as the next-best method to use European personal data. These contracts would bring the companies out from under the jurisdiction of the U.S. Federal Trade Commission and into the embrace of the EU privacy regulators.
But would that result in greater enforcement of European privacy laws?
Adding up the fines
To answer that question, I assigned several researchers to mine our databases, publications and regulator websites for any instance of a fine imposed by a government agency for a violation of data privacy. We set the threshold of materiality at a minimum of $100,000. In practice, I've noticed that this is the amount where larger corporations even start to take notice. Anything less is a rounding error.
What did we discover?
* Increasing over time. We found 358 enforcement actions since January 1999, the first year big privacy fines came online. Only 130 of these carried fines that met or exceeded our $100,000 threshold. Of these, 60% were levied in the last three years. All fines totaled $225 million, with 52% of that sum imposed since 2011.
More by Jay Cline
- Jay Cline: U.S. takes the gold in doling out privacy fines
- Jay Cline: Is privacy dead?
- Jay Cline: A growing cultural divide on privacy
- Jay Cline: What will Snowden leak next?
- Global winners and losers post-Snowden
- 7 reasons the FTC could audit your privacy program
- Google and the privacy Richter scale
- Jay Cline: Are medical-data breaches overreported?
- iPhone location-tracking incident boosts stock of 'privacy by design'
- Survey: The best privacy advisers of 2010
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Market Overview: Digital Customer Experience Delivery Platforms Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!