The 23d International Conference of Data Protection Commissioners, Paris, La Sorbonne
Good morning. Thank you Professor Rodota; and I'd also like to thank CNIL for inviting me to speak here today. At the outset, I'd like to make a few comments about the events of September 11.
On behalf of the people of the United States and as a representative of the US government, I would like to thank all of you for your expressions of sympathy and support. I would also like to particularly thank the people of France and our hosts, CNIL, for their continued demonstration of the history of closeness and fraternity our countries have enjoyed.
As some of you may know, I was born in Pennsylvania, I reside in Washington, D.C. (where I live within walking distance of the Capitol), and New York City is my home, where I live within walking distance of the World Trade Center. Not surprisingly, what occurred in Washington, New York, and Pennsylvania affected me greatly. But I would like to read you a portion of the statement I sent to my staff last week:
"Last Tuesday, we all watched incredulously as unthinkable acts of terror were committed in New York City, at the Pentagon and in Southwestern Pennsylvania. Based on the apparent political nature of these events, it is not surprising that we, as public servants, felt especially vulnerable. In the days since then, I have joined all of you in a struggle to make sense of what occurred.
This struggle brought me back to my home in New York City where I was able to witness the terrible results of hate and to shed a tear for missing friends. But, where I saw pain and sorrow, I was also able to witness the strength of character that brought rescuers together, heart to heart and shoulder to shoulder. On Sunday, I joined Americans of all colors, races and places of origin on the West Side Highway where we put our hands together to applaud these heroes for their efforts.
My experience in New York convinces me that America will emerge from this tragedy with a renewed spirit of optimism and resolve because these are the traits that form the core of all Americans."
So, I am here in that spirit, because terrorism and hate are best fought by forums like this, where people from around the world can share their ideas.
To begin, my General Counsel requires that I tell you my comments are my own and do not necessarily reflect the views of the Federal Trade Commission or of any of the other Commissioners.
I'd like to start by taking a look at the world as it is now. Today, more than ever, consumers are in the driver's seat: the Internet and new technologies put consumers more in control of the relationship between buyers and sellers and these increasingly personalized experiences give consumers more choices than at any other time. It also has the potential to give them more control over what information is gathered and under what circumstances.
That brings us to the topic of today's panel "One World, One Privacy." I think that title is somewhat misleading. Because now, more than ever, we are seeing that citizens are demanding privacy protections that suit their individual desires, and a "one size fits all" approach may actually be impractical. While we have legitimately struggled to derive some common ideals and principles to govern information gathering we must recognize that citizens of one country may have legitimately different interests than those of another. So, we all need to be careful to listen to our citizens and construct policy mechanisms that are flexible - that will cater to their current needs and change as their needs change.
That being said, the United States and the members of the European Union have determined that they have a common interest in principles that help define the relationship between those who gather information and those from whom it is gathered.
Other than to say the balance between privacy and transparency are deeply held on both sides of the Atlantic, I think it would be difficult and somewhat presumptuous for either of us to characterize the merit of those principles to the others' citizens. But I think it is significant that the EU safe harbor represents a good effort to focus upon our common interests, rather than our differences.
Now, let's get back to the real world and what we are seeing "out there". As technology brings the world closer together, privacy has become more of a business imperative: the future of business will be based on information and how we use it to better connect buyers and sellers. Technology has had a substantial impact in reducing the time and distance between buyers and sellers. But greater access comes with greater accountability, because while businesses can know more about their customers, those customers now know a lot more about them. We see evidence of this fact throughout the US and in the FTC's activities.
It is no secret that the US does not presently have an overall global privacy law. That does not mean we don't protect our citizens' privacy [or the privacy of your citizens doing business with our companies]. We recognize the need for privacy in different areas via a sectoral approach -- privacy laws targeted to certain specific needs.
Whether the US will ultimately take a broader approach is currently under debate. But, what is not under debate is the fact that we have taken a very active role in law enforcement in areas where we do have laws: e.g., FCRA, COPPA, GLBA, FTC Act [US/EU Safe Harbor]. In the past few years, for example, the FTC has brought 196 Internet cases; approximately 15 cases with a privacy component; and 102 companies have self certified under the safe harbor.
All of these laws allow us to go after those who violate consumer privacy -- and in a very visible way where we can shape the market by demonstrating appropriate behavior. (Ask Toysmart, Geocities, Reverse Auction, Trans Union, and Liberty Financial.) In addition, laws like the Privacy Act expressly govern how government can gather and disseminate information about its citizens.
So where do we go from here? I think strong enforcement of American consumer protections will continue. Further international dialogue is also important because it allows us to share ideas about our common interests. But I also believe that we must recognize that countries have different legal and value systems and, therefore, approach some problems differently. These differences should be valued and not denigrated because we can learn from each other. For example, we are exploring opportunities for cooperation bilaterally and in forums such as the IMSN and the OECD, where we explore how law enforcement can be more effective.
I think it is also important to build concepts of flexibility into whatever we do, because embracing change will incentivize innovation and allow our citizens to enjoy the benefits of the global community.
For these reasons I believe that a single, global view of privacy may not be achievable or desirable; but international cooperation and agreement on privacy principles might be a more practical and workable goal.