Feds in America very excited about new global privacy alert system
Rest of the world: not so much
US watchdog the Federal Trade Commission (FTC) has signed an agreement with seven countries to share cross-border information relating to privacy.
The new "alert" system will let regulators from America, UK, Australia, Canada, Ireland, the Netherlands, New Zealand, and Norway share confidential information about ongoing investigations, and the FTC is very excited about it.
"Today, data is increasingly crossing borders, and our privacy investigations and enforcement must do the same," said FTC chair Edith Ramirez at the signing on Sunday. "GPEN Alert is an important, practical cooperation tool that will help GPEN [Global Privacy Enforcement Network] authorities protect consumer privacy across the globe."
The other signatories are notably less excited however. Of the seven other countries, just one – the UK – has even bothered to announce the news. And the GPEN website has yet to update itself to contain information about its own new alert system.
Those displaying indifference include the host country of the 37th International Conference of Data Protection and Privacy Commissioners where the agreement was signed, and the country that is the focus of global privacy issue at the moment – Ireland – thanks to the recent victory of Max Schrems against Facebook in the European Court of Justice (Schrems sued Facebook in its European headquarters in Ireland).
The news follows comments from the FTC's bureau director Jessica Rich last week who criticized EU data protection authorities for not having done enough to beat violations of the now-defunct Safe Harbor framework, and a speech from FTC Commissioner Julie Brill in which she pointedly noted that Europe was not having an "honest" discussion about data privacy and sharing.
"During the entire time we were enforcing the Safe Harbor, we had gotten only four referrals," Rich told reporters last week. "The referral process was not working and at a certain point, we decided to start looking for Safe Harbor violations ourselves."
It's not clear at that stage whether the GPEN Alert system – which is based on the FTC's own Consumer Sentinel Network – will suffer a similar lack of interest.
It is no secret that data protection offices from around the world, but especially in Europe, are not happy about the US' approach to privacy, particularly when it comes to the commercial use of customers' data.
Many have been actively lobbying to have the Safe Harbor framework shut down for a number of years, but were consistently ignored by politicians in the European Commission. The FTC was responsible for overseeing a framework that was largely one-sided: American companies like Apple, Facebook, and Google pulling personal details of Europeans over to State-side servers.
The ECJ judgment turned that situation on its head and has left US companies and authorities scrambling to find an alternative.
Meanwhile, Europe has provided 13 recommendations for the United States but the US government has so far refused to budge, citing national security issues. The FTC is thought to be negotiating key parts of a new agreement that has been under discussion for two years, but talks about it as if it isn't involved.
In Brill's speech last week she noted: "Although the text being negotiated by the Commission and the United States has not been made public, I have every reason to believe that both sides understand the need to ensure that these substantive protections are more robust, and that both sides have been working to that end."
We asked the FTC last week whether it was involved in the text's negotiations, and if not, who were the parties that were drawing up the new agreement. We have yet to received a response.
Meanwhile, on the new GPEN Alert system, the only non-US comment on it so far has come from UK Information Commissioner Christopher Graham. He said: "People need to know privacy authorities around the globe are watching over their information, and that policing of the rules doesn't stop at a country's border. The launch of the GPEN Alert today is an important practical step in achieving that, building on the international cooperation the GPEN network has developed. By providing a secure and confidential system, we hope it will prove a key tool in the future."
Here's hoping. ®
Sponsored: Becoming a Pragmatic Security Leader