Privacy Law and Policy Reporter
Senator Paul Simon (Democrat-Illinois) has introduced into the US Senate legislation to create a federal privacy protection agency, the Privacy Protection Act of 1993. The Bill, if enacted, will establish a five person Privacy Protection Commission of presidential appointees whose members will normally serve seven year terms. The Commission will be restricted to not more than 50 employees. Despite its tiny size, the Commission will have an exhausting list of functions, which will include developing model standards for agency compliance with the Privacy Act 1974, developing codes of conduct for the privacy sector, investigating complaints of breaches of the Privacy Act or of any other ''violation of privacy or data protection rights', to review the Privacy Act, and to make recommendations for law reform generally. It will have power to hold hearings and subpoena witnesses.
In effect, the proposed Commission would be a type of ''privacy ombudsman', with the right to investigate complaints and make recommendations in both the public and private sectors, but no power to enforce its recommendations, similar to the NSW Privacy Committee (established in 1975). However, it would assist in overseeing the Privacy Act 1974, which does give individuals some rights of action against government agencies. Nevertheless, it is a very limited ''1970s-style' measure.
The 1993 US Bill falls short of the ''1980s-style' Acts common in Europe, and such countries as Australia and New Zealand, which are based around enforceable sets of information privacy principles. The closest that the Privacy ProtectionAct 1993 comes to these is that the Congress finds in its ''findings and purpose' clause that one of the purposes of the Commission is to promote the adoption of fair information practices and principles in the public and private sector, which it says should include eight principles (openness, individual participation, data quality, collection limitation, use limitation, disclosure limitation, security and accountability), a list derived substantially from the OECD Guidelines of 1982.
The US is at present virtually alone among OECD countries in not having any national data protection agency. During Senator Simon's statement on introduction of the Bill, he made the following comments about the limited progress that has been made in privacy protection in the US since the 1970s (Congressional Record, 19 November 1993):
Vice-President Al Gore has also recommended the creation of a privacy agency in the National Performance Review report on reinventing government (September 1993), influenced by the administration's moves toward national health care reform and a national information infrastructure. In March, Senator Simon attempted to re-introduce the Bill with a scaled back staff of 25 and threecommissioners as an amendment to s4, the National Competitiveness Act of 1994, which was a high priorty Bill for the democratic leadership. However, a partisanfillibuster by Republican Senators to s4 prevented any amendments from being introduced before the Bill passed the Senate. Hearings on the Bill are expected for this summer.
It may be that 1994 sees the most significant US development in privacy protection for two decades, but it is likely to be only a small step forward.