The Italian Data Protection Authority International Conference, "Privacy, Cost to Resource"
Good afternoon. I would like to thank Chairman Rodota and members of the Commission for sponsoring this important conference. We have heard a variety of different views and approaches to the issue of privacy protection, and its has been helpful for me to learn more about the Italian experience.
The Conference Organizers have asked me to address the topic of Growth Expectations for a Global Marketplace that is Mindful of Individuals. In America we might call this Creating an Individual-Friendly Global Marketplace. This is a somewhat difficult topic to address, partly because I have no crystal ball to predict the future, and partly because I have learned that it is dangerous for senior government officials to make public predictions.
Notwithstanding my reservations, I have had an opportunity to observe consumer and government issues around the world from my work as president of the International Marketing Supervision Network [IMSN] and as chair of the OECD Committee on Consumer Policy. So perhaps I can share some of my observations and give you some insight about future issues.
Before I begin, my General Counsel requires that I provide you with the same statement that you heard yesterday from Commissioner Swindle - that my comments today are my own and do not necessarily reflect the views of the Commission or any of the other Commissioners.
At the outset, I would say that an "individual-friendly global marketplace" is one that has a foundation that places the consumer at the center of its "value proposition." In other words, it is a market that recognizes the importance of providing consumers with a basket of tools that provide consumers with a means to feel safe and confident to participate in the marketplace.
Among those tools are rights and remedies that can protect them from harm -- harm that can result from fraud, deception, security breaches [an area where my colleague Commissioner Swindle has done excellent work with the OECD], and privacy violations. And these tools can be exercised by government, businesses [in the form of self regulation] and consumers themselves.
There are two reasons that this perspective is more important now than at any other time. First, it is no secret that most Western economies are experiencing a period of economic distress. It has also been said that consumer spending represents 80% of the American economy. In France, it is 50% and other European countries fall somewhere in between. A small change in consumer confidence, up or down, can have a significant impact on and country's economy. As a result, government and businesses alike are focusing on the importance of consumer spending and consumer confidence in maintaining economic health and stimulating future economic growth.
While there has been relatively little hard economic study that connects privacy to consumer confidence, many commentators have claimed that consumer privacy concerns result in a failure to achieve billions of dollars in potential sales in the electronic marketplace.
Second, one of the important byproducts of globalization and deployment of the Internet is that markets have become more "demand driven." Because consumers can have easy access to information, consumers can rapidly move their money to many different places. Consequently, they have a greater expectation that their merchants and their governments will be more responsive to their individual demands.
Privacy has to be viewed in this context. Although we all have been somewhat self absorbed about the principles of privacy, how we actually deliver privacy depends on how we:
- manage consumer expectation - and we have all a long way to go on that front;
- define what constitutes "value" for purposes of privacy; and
- determine how we measure success.
Ideally, we provide guidance through our own combination of laws, rules, and self-regulatory programs. But, there is no "one size fits all" approach to this issue, nor is there a magic answer. Moreover, neither government, consumers nor industry can address these questions alone.
Now, I know what some of you are thinking, that I am taking a typically Anglo-Saxon approach because I am focusing on the practical. I most often hear this statement when someone is implying that Americans have no principles. That is not true. What I am saying is that we all have to be measured by what our citizens experience, and none of us have been perfect in this regard. Let me tell you why.
First, we need to build a foundation based upon consumers who understand what is reasonable, and not reasonable, to expect in terms of privacy. This foundation is a cornerstone for a demand driven market that measures companies based on how they respond. These consumer expectations need to be considered within the bundle of concerns that we term consumer confidence. This must be done, not because that is the way we in the United States or in Italy consider privacy issues, but because that is the way most of the public experiences privacy issues.
We also need to use our expertise to tell industry and governments about what we think is appropriate and inappropriate behavior, including providing incentives for innovation - technological or otherwise.
And, when industry or government fails to live up to the expectations and requirements imposed through those means, we need to take appropriate enforcement action. That action should not only include the typical government tools of fines, penalties, injunctions and public embarrassment, but should also allow for more creative solutions in appropriate cases that enable wrongdoers to become models for improved practices.
So, the question isn't really what we can expect from an individual friendly global marketplace, but how we create one and ensure that it continues to exist -- and in the context of this conference's topics, how the issue of privacy plays a role in ensuring the development of consumer confidence.
Let me take a minute to talk about my experience with this issue. Although you heard something about this yesterday, my personal views might be slightly different than those expressed yesterday by my colleague Commissioner Swindle.
It is no secret that the United States and Europe have different approaches to the issue of data privacy. Most countries in the European Union have broad-based privacy laws, while we take a more sectoral approach.
However, work done by Consumers International illustrates that: "Despite tight EU legislation in this area, researchers did not find that [Web] sites based in the EU gave better information or a higher degree of choice to their users than sites based in the U.S."
Although I have publicly suggested that America's on-line consumers would benefit from some Federal law that would allow us to address the "holes in our Swiss cheese," [e.g. companies who are not providing consumers with data protection or otherwise governed by Federal Law], European criticism of the U.S. privacy approach fails to take into account our record of effective prosecution.
You heard something about that record yesterday, but to give you further information:
- To date, the US Federal Trade Commission has brought approximately 255 Internet cases and handled 31 matters with a privacy component. In addition, 279 companies have self-certified under the US-EU Safe Harbor.
As the US FTC has undertaken strong enforcement action, we have also spent a great deal of time publicly discussing our cases in order to build consumer demand for privacy. Consequently, as consumers have increasingly demanded privacy protection, industry has responded.
This visible enforcement activity, clearly has a dual purpose: (1) to send a message to industry about what is acceptable conduct, and in so doing shape the marketplace; and (2) to educate consumers about what they should reasonably expect in the marketplace.
In conjunction with strong enforcement, there is a need to educate consumers and businesses as to why privacy is a value - government saying so is not enough. As more people know about privacy, consumer demand will help drive the marketplace. Privacy must be something that consumers understand and that businesses know must be included as part of the value proposition.
In a global marketplace it is important for all of us to work together, while at the same time to recognize that countries have different legal and value systems and therefore approach problems differently. Our differences, however, should be valued and we should learn from each other in order to benefit consumers around the world.
When we build a global marketplace that recognizes all elements that are important to the consumer, including privacy, we will have an individual-friendly global marketplace that realizes the great potential it has for all of our citizens.