Stress Testing the US Privacy Framework
Two of the major developments in privacy over the past year highlight the unique system of privacy laws in the United States (US). The first is the EU-US Privacy Shield framework that the European Commission (EC) and the US government finalised in July 2016. Privacy Shield offers a simplified mechanism for companies to transfer personal data of European Union (EU) citizens to the US in a manner that satisfies the requirements of EU privacy laws. The second is the emergence of the Federal Communications Commission (FCC) as a key regulator of privacy and data security, particularly through a set of new privacy and data security rules it imposed on broadband internet access service providers (‘broadband providers’).
Privacy Shield and the FCC’s rules are independent developments, but they illustrate the challenges that the US faces as privacy becomes an increasingly important issue for governments, consumers and international trade relationships. Privacy Shield demonstrates that US privacy law – and the web of US government agencies that handle privacy issues – can change in relatively short order to produce a unified response that meets complex challenges. The FCC’s rules, however, demonstrate that the force of the shared principles underlying existing US privacy laws has limits. The FCC determined that broadband providers have “unique access to consumer data” and used this finding to justify creating a distinct privacy regime for broadband providers that does not apply to other online actors.
Please sign in with your IIC login to download this article in full
- Thursday, 26 January 2017