Privacy advocates often criticize the US approach to information privacy law based on sector-specific risks stemming from utilitarian ideas that are incompatible with the concept of fundamental rights. Although the U.S. attitude to information privacy law is consistent with utilitarianism, because cost-benefit analysis plays an integral role in it, if the analysis ends here, it will ignore the deeper and more important structure with pragmatism and democracy consistency.
Sector-specific information privacy laws also protect democracy and specific individual rights. When the United States promulgated the (Fair Credit Reporting Act) in 1970, it was the first person in the world to pass a legal requirement to collect and use individuals. Countries where information agencies adhere to fair information practices. As far as the “fundamental rights” under the Fair Credit Reporting Act are concerned, American consumers have the right to borrow freely to fund their current consumption. This is hardly a basic right that Europeans think is embodied in their data protection laws.
When Congress enacted the world ’s first fair information practice law to protect the borrowing rights of U.S. consumers, it acted in response to a high level of concern among U.S. consumers, The transfer of paper records to computers may unnecessarily restrict their access to credit.
Public trust in the information governance system is used as a criterion for measuring its legitimacy.
In the 1970s, due to social unrest caused by the civil rights movement, popular opposition to the Vietnam War, and the Watergate incident that forced President Nixon to resign, the trust of the American people in their government in the early 1970s was severely damaged. With the United States Department of Health, Education and Welfare (Department of Health, Education and Welfare, hereinafter referred to as HEW) , new medical insurance and Medicaid are launched Federal health benefits programs, there are concerns that some citizens who have the right to receive benefits under these new programs may be so distrustful of the government that they will refuse to provide the personal information required to register for these new programs, even if it deprives them from providing Give them medical benefits.
Thus, HEW Secretary-General Elliot Richardson/ span> commissioned a report to answer the question: What does the federal government need to do to ensure that US citizens trust it enough to participate in these new projects. The result is the groundbreaking 1973 HEW report on computers, records, and citizen rights (1973 HEW Report on Computers, Records and the Rights of Citizens) . Based on opinions in the 1973 HEW report, Congress enacted the Privacy Act in 1974.
For the first time, the HEW report clearly describes the concept of “fair information privacy practices” (fair information privacy practices, hereinafter referred to as FIPP) . FIPPs ensure that individuals know when their information is collected, agree to use it, and are able to correct errors in the information. FIPPs place personal information collection agencies under the responsibility of maintaining the integrity and security of personal information. The concept of FIPPs, originally articulated in the HEW report, was later incorporated into all EU-style data protection laws, albeit with some very significant changes.
HEW’s report carefully considered, and then flatly rejected the view that information privacy can be reduced to the individual’s right to unilaterally control the use of personal information, which does not work. Instead, it proposes a governance process that specifically embodies FIPPs to ensure respect for personal interests in how organizations use their data. Although the HEW report does not explicitly mention the work of American pragmatists, it insists that personal information stored on computers not only reflects personal interests, but also the commons that individuals share with the institutions and society that maintains databases interest. This resonates with the core thinkers of pragmatism, and runs counter to Descartes’ individualism.
Soon after the enactment of the Privacy Act of 1974, consensus on the model of interrelationships based on the HEW report began to disintegrate, with one group fighting for a more market-oriented approach to information governance and the other fighting for more direct government control. In the late 1970s, the two factions reached a consensus regarding information privacy law as a way to safeguard the balance of personal, institutional, and social interests in information governance. For decades, Congress continued to seek a middle ground.
The result is a complex patchwork of sector-specific information privacy laws that are in effect today. These sector laws reflect not only the basic risk-based approach of the U.S. system, but also HEWThe basic idea of the relationship expressed in the report. When personal information is created and used in computer systems, an individual’s trust that their interests will be respected is an indicator of the legitimacy of the broader information management systems that these computer systems run. Similarly, companies’ compliance with the requirements of these information governance systems also demonstrates the legitimacy of these legal frameworks.
Difficulties in replacing privacy law based on sector-specific risks
The question is how to extend a model based on sector-specific risks to address the legitimacy crisis triggered by the Facebook / Cambridge Analytica scandal. Develop an industry-specific law that seeks to address the Facebook / Cambridge Analytica scandal, which may stifle innovation and global competitiveness, but has not achieved much in reducing risk because there is no reason to expect that the next information governance crisis will Outbreak in one place. What we need is a new information governance framework that addresses both privacy and disclosure issues in a flexible and dynamic manner. Congress can build such a framework by drawing on other US laws that have been very successful elsewhere.
A new legislative framework for information governance: the participation of civil power
The new legislative framework requires the participation of civilian forces. For more than a century, the United States has benefited from the work of a voluntary, consensus standards-setting organization that has refined scientific advances and best practices into standards so that these innovations can be disseminated quickly and easily. If Congress can establish a legislative framework through which regulators and voluntary, consensus standards organizations can cooperate, it can create a flexible and dynamic information governance framework that can seamlessly address current and future information Private issues. This governance framework can build on decades of experience that regulators and U.S. companies have struggled to comply with with laws based on sector-specific risks, while allowing individuals and civil society organizations to contribute to the governance process. … p
Successfully developing voluntary and consistent standards requires companies to take responsibility and translate the input of all participating stakeholder groups into the company’s commitment to create value for its customers. In a market characterized by rapid technological innovation, members of standards development organizations must not only work to develop standards, but also participate in iterative processes of revising standards as needed to maintain their applicability.
Congress can move towards an integrated national information governance framework by empowering federal regulators to grant a “safe harbor” status on voluntary, consistent standards, reducing the cost and complexity of corporate compliance. The idea of building a legislative framework for public-private partnerships to improve compliance builds on HEW’s fundamental point of view, recognizing that the mutuality of shared purposes is key to building a successful and legitimate information governance system.
The crisis of EU bureaucratic management methods
Europe’s commitment to personal control over the collection and use of personal data is also beginning to suffer from its own crisis of trust. U.S. privacy advocates implement EU-style data protection laws in the United States and either do n’t know, or do n’t care, the real impact of European bureaucracy is to take decision-making power from companies and bureaucrats, not individuals.
Although EU-style data protection laws place individuals on the surface deciding how to collect and use personal information, decision-making power is concentrated in the hands of the bureaucracy. This is because, by providing individuals with a standard user interface capable of collecting signs of consent from hundreds of millions of users, the actual control exercised by most individuals is almost meaningless in the end. Behind standardized user interfaces, companies still have considerable freedom in using personal information.
The EU is further moving towards a bureaucratic, unilateral legal framework for personal control and has avoided any risk-based practices in the Lisbon Treaty, which entered into force in 2009. In 2018, the GDPR retained and updated the basic structure of the DPD and strengthened many of its regulations. Perhaps when EU regulators drafted the GDPR, they thought it was time to stop the indifference to the DPD’s data protection compliance obligations that prevailed in Europe.
EU regulators have decided to implement some alarming penalties in the GDPR this time to ensure that everyone’s attention is noticed. One year after the GDPR came into effect, there is growing evidence that it represents a costly victory for Europe. Outside a very extreme but small community of data protection advocates, it is unclear how much EU citizens support the GDPR’s restrictions on their gains from innovation gains in the global market. At the same time, European industry is faltering in a market that competes with North American or Asian competitors for cutting-edge technologies such as autonomous cars, wearable technology, virtual medicine, smart factories or smart cities.
The future trend of information governance in the US and Europe