EU Privacy Directive — Coming To the US? 180
An anonymous reader writes "An article over at ComputerWorld implies that the EU Privacy Directive, or something like it, will soon be signed into law here in the USA. The author seems to think this is a good thing, but I'm not so sure. From the article: 'We've finally come to realize that self-regulation by industry hasn't worked. The states have stepped in, creating the same situation of conflicting regulation that led to the creation of the EU privacy directive. The only question now is if the law that comes out of Congress will be a small step strictly focused on breaches, such as S.239, or whether we take the bigger step of forming a permanent committee under the FTC to monitor privacy as outlined by S.1178. Either way, the U.S. is finally moving away from the fractured environment of the past and toward a comprehensive privacy strategy.' Is it time for a national privacy law or 'Privacy Czar', or are we better off letting things be?"
There's a big question here. (Score:2, Interesting)
There's a line in the movie "Absence of Malice" which sums up the problem of government regulators very neatly, even if it wasn't intended that way: "Have you given any thought to what you'll do after government service?"
Re:Is it just me (Score:3, Interesting)
Depends (Score:3, Interesting)
http://www.computerworld.com/action/article.do?co
Anyways, it doesn't matter what the US signs into law if there is no meaningful oversight, penalties and enforcement.
I also can't imagine that the business lobby isn't going to scream and shout about the expense involved with implementing true EU style reforms.
One alternative to all these expensive-to-implement laws is to make it an opt-in industry. By the time they're done culling out all the people who don't want to be in the database (a one-time event), EU style privacy laws won't cost all that much to implement.
Re:Depends (Score:3, Interesting)
It can, actually. If the American people believe they have a legal right to privacy, and expect it, then eventually oversight, penalties, and enforcement will come around, even if they don't start out in place.
Sometimes we have to aim for gradual cultural shifts if we can't immediately obtain sweeping and effective legislation.
The fallacy is that compliance = privacy (Score:4, Interesting)
How many times have you had a company ask for ridiculously invasive information for your protection . Similar results will be incurred here. Currently asking information is at best spotty in legality and because of this you have a certain level of push back available to you when they request it. (No I will not give my sons grade school his SSN) however once a law like this goes into play it creates an aura of safety that once an organization appears to comply with it, the loss of your personal data no longer is a high level of liability for them. As a result your privacy is reduced to a level of cookie cutter actions that never get questioned because, 'everyone knows it meets legal requirements'.
Re:Gaaah!! Go, go fist of death! (Score:3, Interesting)
I must have missed something. Yeah, it's difficult for the man at the local newsagents to demand your name, DOB, NI number and inside leg measurement then sell it to the highest bidder when you go in to buy your daily paper, but it's a different story for banks, building societies and property rental agencies - most of whom I'd be dubious about trusting with too much information.
Generally in the UK they don't sell it to the highest bidder anyway - they just print it out and throw it in the street [bbc.co.uk].