Remarks of Assistant Secretary Strickling at the 32nd International Conference of Data Protection and Privacy Commissioners
– As Prepared for Delivery –
It is a real pleasure being here to speak with you at the 32nd International Conference of Data Protection and Privacy Commissioners. Thank you, Minister Steinitz and also Minister of Justice Neeman, who invited me to come to Jerusalem to share the views of the United States of America on privacy and innovation.
I am the Administrator of the National Telecommunications and Information Administration at the U.S. Department of Commerce. NTIA serves as the principal advisor to the President on communications and information policy.
I am here to tell you that the Obama Administration places a high priority on extending the Internet’s transformative potential more broadly in our society. And, it is vital to ensure that the global Internet environment continues to encourage innovation and creativity.
The Commerce Department plays an important role in the Administration’s overall Internet policy effort. Earlier this year, Commerce Secretary Gary Locke established an Internet Policy Task Force to address four key public policy challenges facing the Internet: first, enhancing Internet privacy; second, ensuring cybersecurity; third, protecting copyright; and fourth, ensuring the global free flow of information. Along with NTIA, the Task Force includes experts from four other agencies at the U.S. Department of Commerce: the International Trade Administration, the National Institute of Standards and Technology, the U.S. Patent and Trademark Office, and the Office of the Secretary.
We are guided by two dominant principles as we approach these challenging issues:
First is the importance of trust. It is imperative for the sustainability and continued growth of the Internet that we preserve the trust of all actors. For example, if users do not trust that their personal information is safe on the Internet, they will worry about using new services. If content providers do not trust that their content will be protected, they will threaten to stop putting it online.
Our second key principle is the commitment to the multi-stakeholder policy development model. There’s little question that multi-stakeholder organizations have played a major role in the design and operation of the technical aspects of the Internet and are directly responsible for its success. Our approach, which we call Internet Policy 3.0, recognizes that the interplay among technical standards and design, multi-stakeholder institutions, voluntary best practices, and laws and regulations can ensure that the Internet continues to meet its economic and social potential. In this model, a key role for government is to convene stakeholders to discuss critical technology issues, bring them to the public’s attention, and work together with all interested parties to solve challenging problems. This convener role is a important way to provide leadership on these issues while preserving the benefits of a multi-stakeholder approach. We’ve put these principles into practice with our work on privacy and the other matters being studied by the Internet Policy Task Force.
At the outset, I want to emphasize how seriously Americans take privacy. A fundamental right against government intrusion on individual privacy is enshrined in the Fourth Amendment of our Constitution. We have strong statutory protection in sectors where sensitive information is found –health, finance, education – and a world-class consumer privacy regulator in the Federal Trade Commission. A recent study reported that 65 percent of adult Internet users in the United States have proactively taken steps to increase their privacy on social networking sites. And even while the conventional wisdom suggests that younger Internet users are cavalier about their privacy rights, surveys show that young adults are also taking steps to protect their privacy interests online.
Industry groups in the United States are also taking an active role in protecting privacy. For example, a coalition of online advertisers recently announced a plan to provide consumers with more information about the ads they see, when they actually see the ads. The idea is that there will be an icon in or near advertisements so that consumers can easily find privacy policies and opt out pages. Voluntary industry efforts like this are essential, but we should work to make them more robust, worthy of greater trust, and globally scalable.
The Internet Policy Task Force effort on privacy began by listening to everyone who was willing to talk to us: companies, trade groups, civil society, and academics. This past spring we used these conversations to shape a Notice of Inquiry, which posed a number of questions about the connections between privacy, policy, and innovation. We held a public symposium in Washington, where experts from all sectors shared their views on topics ranging international frameworks to specific voluntary codes of conduct. And we’ve been working informally, but closely, with our colleagues at the Federal Trade Commission, which is the U.S. federal government’s main privacy enforcement agency.
So what specifically needs to be done to strike a better balance between privacy and innovation? First, it is time that we adopt comprehensive Fair Information Practice Principles (FIPPs) as the information privacy framework in the United States to clarify how personal data on the Internet is protected. Baseline privacy protections will build consumer trust and give businesses in the United States more guidance about what’s expected of them. To borrow from one of the responses we received to our Notice of Inquiry, baseline FIPPs are something that consumers want, companies need, and the economy will appreciate. Industry, civil society, and the U.S. Government all have important roles to play in helping this framework take hold.
The framework I have in mind would build on current successes with voluntary codes but provide a more accountable, institutional structure for the future. Starting in the mid-1990s, NTIA and the FTC explored options to protect online privacy, working closely with industry groups and privacy advocates. During that formative period of the Internet privacy debate, the FTC played a pivotal leadership role based on its expertise in consumer protection and its role as the primary enforcement authority. The result was that major web sites agreed to post privacy policies explaining how they used personal information. Today, we can debate whether we rely too heavily on these notices, but it’s the process that I want to emphasize. The quick actions that many stakeholders took in the mid-1990s allowed them to reach consensus in the midst of dynamic technological change much more rapidly than our legislature and regulatory institutions could have acted. That, in my mind, is a considerable success.
This brings me to a third major issue: our desire for robust engagement with the global privacy community. The Obama Administration realizes that the legal and policy framework surrounding the Internet, especially privacy, is complex both domestically and internationally. While we understand that governments must act to protect their citizens, we also wish to avoid fragmented sets of inconsistent and unpredictable rules that frustrate innovation and the broad commercial success of the online environment.
How can we go about this? I am here today because we are committed to engaging with our allies and trading partners around the world to find approaches to data protection that build on our shared global commitments. Respecting individual rights, while also recognizing that there will be differences in the way democratic societies go about protecting those rights, is vital in this regard.
I come here ready to learn from all of you. I come with a sense of hope that we can find ways to lower the barriers to the flow of information and innovative services around the world. And, I come with a commitment to work with you to build cooperative cross-border relationships that ensure the protection of privacy values we all hold dear.
In addition to moving in the directions I’ve suggested today, the United States can build on the progress we currently share in the global arena. International cooperation on enforcement is very encouraging. Just about a month ago, privacy enforcement agencies from thirteen countries formally announced the formation of the Global Privacy Enforcement Network. I’m pleased to say that the U.S.’s own FTC is among the thirteen. So is the Law, Information and Technology Authority from our host country, Israel. GPEN, as it’s known, will allow better cross-border investigation of privacy complaints. The FTC is also one of five signatories to the APEC Cross-border Privacy Enforcement Arrangement. This agreement creates a voluntary framework for cross-border cooperation on consumer privacy investigations and enforcement matters for relevant authorities throughout the APEC region.
I look forward to hearing your ideas about how the United States can reinvigorate its international privacy engagement. Along with the formal and informal dialogue I expect we will all have, I invite you to send your formal comments when the Department’s report comes out. We’ll be asking many more questions in the report, and we want to hear from you.
The time for greater international cooperation is here. All nations, including the United States, must be ready to work together and begin a proactive and productive dialogue on privacy reform efforts. The United States is ready to work with its global partners to develop a formula for establishing greater legal and practical certainty in privacy protection. At Commerce, we are eager to enter into a comprehensive dialogue on the question of principles that we all can live up to and how to adapt to our national experience. It is time for a robust global dialogue and decisive action so we look forward to working with you.