老澳门开奖结果

President Obama today issued an establishing a 鈥淔ederal Privacy Council鈥� made up of the senior privacy officials from each cabinet agency. This is not a breakthrough, but it is a good step toward something that is sorely needed in the United States: the institutionalization of privacy protection.

What the United States really needs is a full-fledged independent privacy enforcement institution or institutions. Of the world鈥檚 27 wealthy OECD democracies, the United States is the only one that doesn鈥檛 have some form of independent privacy commissioner (as of 2009 Korea and Japan did not, but I believe have since created such posts).

This new Privacy Council falls far short of that, but truly independent privacy oversight is something that must be created by Congress. And while independent oversight is crucial, there is also an important role for privacy officials inside the executive branch. In 2009 we issued an 老澳门开奖结果 report with recommendations for what independent privacy oversight could and should look like in the United States. We called for three major steps:

1. Creation of an independent oversight institution for the private sector. This could take the form either of a brand-new independent agency, or statutory expansion of the mission of the FTC to give it the full powers of a full-fledged privacy commission.
2. Creation of an independent oversight institution to cover the government. For government privacy, we called for the existing Privacy and Civil Liberties Oversight Board (PCLOB) to be strengthened and expanded; currently its mandate only extends to agencies fighting terrorism. That should be expanded to cover all government privacy issues, and given the staff and budget to match (this is an agency that should occupy a large building here in Washington). Unfortunately, that has not yet happened鈥攁nd Congress has actually take one step in precisely the wrong direction by enacting a measure to the PCLOB.
3. Supplement the PCLOB with strong internal privacy officers. Independent oversight is crucial, but oversight officials within an executive agency can also supplement the role of independent officials. Because agency privacy officials report to the agency head and face internal pressures, they are not likely to go running to the media when they disagree with policy. But as trusted insiders, they can play an important role representing privacy interests in internal deliberations. As Bill Clinton鈥檚 White House Privacy Counselor Peter Swire put it, when you鈥檙e trusted on the inside 鈥測ou can block a lot of dumb proposals.鈥�

President Obama鈥檚 action today pushes the ball forward on this last front, raising the importance of these 鈥淪enior Agency Officials for Privacy鈥� (SAOPs) who will make up the Federal Privacy Council. This is a designation that was created in 1998 by President Clinton, who issued a requiring all agencies to identify a senior official to 鈥渁ssume primary responsibility for privacy policy.鈥� A 2005 OMB further cemented the role. But under these orders, any senior official could be designated SAOP, including those with other primary responsibilities such as being an agency鈥檚 Chief Information Officer. As a result, privacy has sometimes been an afterthought for those ostensibly in charge of it. Obama鈥檚 order directs the OMB director to 鈥渋ssue a revised policy on the role and designation鈥� of the SAOPs, to 鈥減rovide guidance鈥� on the SAOP鈥檚 鈥渞esponsibilities at their agencies, required level of expertise, adequate level of resources, and other matters as determined by the director.鈥� We鈥檒l have to see what emerges from OMB, but this language ordering a 鈥渞evised鈥� role suggests that the president intends for the role of SAOP to become more formal, rigorous, and important.

The creation of the Council could be helpful as well. Joining privacy officials from different agencies into a formal structure can help make those officials become more effective defenders of privacy within their agencies. In addition to promoting collaboration and the sharing of lessons and best practices, as the EO points out, the strengthening of a privacy officer peer group can help shame weak officials into standing tougher for privacy. These kinds of human factors are not to be underestimated.

One problem with the new order is that it contains no transparency requirements. One of the functions of the Privacy Council is to 鈥渄evelop recommendations鈥� for OMB on federal 鈥減rivacy policies and requirements.鈥� It would be nice if the EO required the council to make such recommendations public, and perhaps to solicit input from the public on what the recommendations should look like. It is true that trusted insider privacy officials can be a good complement to outside independent oversight structures鈥攂ut right now independent structures are still absent or inadequate.

It鈥檚 important to institutionalize privacy because even with the world鈥檚 greatest laws on the books protecting privacy, without actual institutions to support and enforce them, such laws tend to wither away over time in the great ongoing evolutionary swirl of law and practice. We鈥檝e seen this, for example, with the great-on-paper but now-very-weakened Privacy Act of 1974. Laws without institutions to enforce them and defend them are like no laws at all鈥攅specially a law governing something like privacy, where the pressures for violation are strong and constant.

We are starting to see the beginnings of the formation of a real institutional privacy infrastructure emerge in the U.S. The FTC is stepping up their involvement in privacy, and the PCLOB has played an important role in the ongoing debate over NSA spying. Again, today鈥檚 executive order doesn鈥檛 represent any kind of breakthrough in the protection of privacy in the United States, but it is a significant incremental advance in the construction of a much-needed institutional infrastructure for the protection of privacy. President Obama is to be commended for taking these steps. But, we have far to go.