Privacy: The Latest Victim Of Europe's Privacy Regulation

Author:Mr Stewart Baker
Profession:Steptoe & Johnson LLP

The European Union has proposed a privacy policy that will inevitably deprive many people of their privacy. Now working its way through the tortuous Brussels process, the regulation includes a "right to data portability." Typically, this is Commission-speak for a regulatory requirement that information services must hand over all of a subscriber's historical data upon request, and "without hindrance."

Peter Swire and Yianni Lagos recently released a nice paper demonstrating the high risk that Europe's privacy regulation will turn all of us into privacy victims. The new right, they say with admirable restraint, "raises serious risks for another principle of data protection law, which is protecting the security of an individual's personal data – in our world of weak authentication and rampant identity theft, moving all of a person's data to another system "without hindrance" creates security risks that can outweigh the portability benefits."

I don't always agree with Peter, but in this case I do. Swire and Lagos rely heavily on the work of an FTC advisory committee on data access and security. I served on that committee, which explored this very problem. Here's a excerpt from my now-twelve-year-old concurring statement:

[A]s the Report says, "Giving access to the wrong person could turn a privacy policy into an anti-privacy policy." If access to personal data is turned into a legislative right, Americans' personal data will be at risk of exposure to con men, private...

To continue reading