Jay Cline: U.S. takes the gold in doling out privacy fines
EU privacy regulators say U.S. privacy laws are too weak to protect EU personal data. But a new analysis of 358 privacy-enforcement actions paints the opposite picture.
Computerworld - The European Union is threatening to suspend the U.S.-EU Safe Harbor agreement that U.S. companies depend on to do business with Europe, claiming that America doesn't enforce its side of the bargain. Any way you cut the data, however, the U.S. dwarfs Europe and every other jurisdiction in doling out fines for data privacy violations. If privacy is measured by its weight in gold, America is the safest place on earth for personal data.
Mining the Safe Harbor
Fifteen years ago last month, the EU's newly formed Article 29 Working Party declared in its 15th opinion that U.S. laws provided inadequate protection for European citizens' personal data. The opinion expressed the widely held view across Europe that because America didn't have a single privacy law like Europe, but only a patchwork of sectoral laws, European data wasn't safe in America.
The white paper also voiced concerns about the emerging "safe harbor" agreement between Europe and the U.S. European privacy regulators thought the general privacy principles and voluntary nature of the program would result in an agreement without teeth.
In 2003, two years after the launch of the Safe Harbor, I declared in this column that the innovative agreement was already a success. About 300 companies, including prominent Fortune 500 multinationals, had joined, facilitating international commerce. Today, that number has climbed to over 4,000.
In spite of this high rate of participation, European privacy regulators stand poised to hit the nuclear button on the agreement in their ongoing reaction to revelations about U.S. government surveillance.
Without the Safe Harbor, companies would have to turn to EU "model contracts" as the next-best method to use European personal data. These contracts would bring the companies out from under the jurisdiction of the U.S. Federal Trade Commission and into the embrace of the EU privacy regulators.
But would that result in greater enforcement of European privacy laws?
Adding up the fines
To answer that question, I assigned several researchers to mine our databases, publications and regulator websites for any instance of a fine imposed by a government agency for a violation of data privacy. We set the threshold of materiality at a minimum of $100,000. In practice, I've noticed that this is the amount where larger corporations even start to take notice. Anything less is a rounding error.
What did we discover?
* Increasing over time. We found 358 enforcement actions since January 1999, the first year big privacy fines came online. Only 130 of these carried fines that met or exceeded our $100,000 threshold. Of these, 60% were levied in the last three years. All fines totaled $225 million, with 52% of that sum imposed since 2011.
More by Jay Cline
- Jay Cline: U.S. takes the gold in doling out privacy fines
- Jay Cline: Is privacy dead?
- Jay Cline: A growing cultural divide on privacy
- Jay Cline: What will Snowden leak next?
- Global winners and losers post-Snowden
- 7 reasons the FTC could audit your privacy program
- Google and the privacy Richter scale
- Jay Cline: Are medical-data breaches overreported?
- iPhone location-tracking incident boosts stock of 'privacy by design'
- Survey: The best privacy advisers of 2010
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Omnichannel: From Buzzword to Strategy Customers demand a seamless experience across channels, especially mobile. Read this whitepaper for a research-based framework for using omnichannel for higher customer engagement.
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- 10GbE in the Data Center Improvements in 10GbE technology, lower pricing, and improved performance make 10GbE for the mid-market a viable and cost-effective strategy. This white paper discusses...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts