Jay Cline: U.S. takes the gold in doling out privacy fines
EU privacy regulators say U.S. privacy laws are too weak to protect EU personal data. But a new analysis of 358 privacy-enforcement actions paints the opposite picture.
Computerworld - The European Union is threatening to suspend the U.S.-EU Safe Harbor agreement that U.S. companies depend on to do business with Europe, claiming that America doesn't enforce its side of the bargain. Any way you cut the data, however, the U.S. dwarfs Europe and every other jurisdiction in doling out fines for data privacy violations. If privacy is measured by its weight in gold, America is the safest place on earth for personal data.
Mining the Safe Harbor
Fifteen years ago last month, the EU's newly formed Article 29 Working Party declared in its 15th opinion that U.S. laws provided inadequate protection for European citizens' personal data. The opinion expressed the widely held view across Europe that because America didn't have a single privacy law like Europe, but only a patchwork of sectoral laws, European data wasn't safe in America.
The white paper also voiced concerns about the emerging "safe harbor" agreement between Europe and the U.S. European privacy regulators thought the general privacy principles and voluntary nature of the program would result in an agreement without teeth.
In 2003, two years after the launch of the Safe Harbor, I declared in this column that the innovative agreement was already a success. About 300 companies, including prominent Fortune 500 multinationals, had joined, facilitating international commerce. Today, that number has climbed to over 4,000.
In spite of this high rate of participation, European privacy regulators stand poised to hit the nuclear button on the agreement in their ongoing reaction to revelations about U.S. government surveillance.
Without the Safe Harbor, companies would have to turn to EU "model contracts" as the next-best method to use European personal data. These contracts would bring the companies out from under the jurisdiction of the U.S. Federal Trade Commission and into the embrace of the EU privacy regulators.
But would that result in greater enforcement of European privacy laws?
Adding up the fines
To answer that question, I assigned several researchers to mine our databases, publications and regulator websites for any instance of a fine imposed by a government agency for a violation of data privacy. We set the threshold of materiality at a minimum of $100,000. In practice, I've noticed that this is the amount where larger corporations even start to take notice. Anything less is a rounding error.
What did we discover?
* Increasing over time. We found 358 enforcement actions since January 1999, the first year big privacy fines came online. Only 130 of these carried fines that met or exceeded our $100,000 threshold. Of these, 60% were levied in the last three years. All fines totaled $225 million, with 52% of that sum imposed since 2011.
More by Jay Cline
- Jay Cline: U.S. takes the gold in doling out privacy fines
- Jay Cline: Is privacy dead?
- Jay Cline: A growing cultural divide on privacy
- Jay Cline: What will Snowden leak next?
- Global winners and losers post-Snowden
- 7 reasons the FTC could audit your privacy program
- Google and the privacy Richter scale
- Jay Cline: Are medical-data breaches overreported?
- iPhone location-tracking incident boosts stock of 'privacy by design'
- Survey: The best privacy advisers of 2010
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Privacy White Papers | Webcasts