Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Greenleaf, Graham --- "US privacy principles for the US National Information Infrastructure" [1994] PrivLawPRpr 49; (1994) 1(4) Privacy Law & Policy Reporter 68

US privacy principles for the information superhighway

Graham Greenleaf reports on developments in the National Information Infrastructure.

The Privacy Working Group of the US's Information Infrastructure Task Force (IITF) released draft Principles for Providing and Using Personal Information on 4 May 1994. This set of principles for the collection and use of personal information may become the most important formulation of fair information practices yet developed in the US.

The IITF co-ordinates government policy on the National Information Infrastructure (NII). It is chaired by Vice President Al Gore and Secretary of Commerce Ron Brown. There are three IITF Committees: information policy, applications, and telecommunications policy. The draft Principles are, in effect, recommendations to the IITF via the Information Policy Committee.

The Privacy Working Group is one of three working groups within the information policy committee (the other two are information access and intellectual property). It is made up of about 20 Federal officials from such agencies as the Department of Justice, the National Security Agency, the Commerce Department, the Defense Department, the Office of Management and Budget, IRS, Census, the US Postal Service and other agencies.

The Working Group has identified seven possible milestones for its work:

(a) identification of scope of privacy concerns;

(b) development of a statement of fair information practices;

(c) determination of who should have responsibility for implementing practices;

(d) identification of gaps in current US law;

(e) identification of control mechanisms for privacy protection;

(f) preparation of paper with recommendations; and

(g) drafting of proposed legislation.

In the Working Group's preamble to the draft Principles, they state that the Principles ''are intended to be equally applicable to public and private entities that collect and use personal information', but are only ''the framework from which specialised principles can be developed'. They also state that ''the principles should recognise that the interactive nature of the NII will empower individuals to participate in protecting information about themselves'.

The Principles and Commentary released by the Privacy Working Group may be obtained via internet from IITF by telnet to iitf.doc.gov and login as ''gopher'. It is requesting comments, which should be sent to nii@ntia.doc.gov.

Criticisms

The Electronic Privacy Information Center (EPIC), which was previously the Washington Office of Computer Professionals for Social Responsibility (CPSR), but is now specialising in privacy advocacy, has prepared A Review of the Proposed Principles of the Privacy Working Group (EPIC Report 94-1, obtainable via internet from reports@epic.org). EPIC considers the draft Principles as ''a surprisingly weak set of standards'. They are particularly critical that ''in shifting responsibility from data collectors to subjects for basic fair information practices, the Principles weaken current safeguards and make it more likely that the improper use of personal information will occur'. They say that this is contrary to the approach in existing US laws. More specifically, they criticise the lack of obligations on data collectors and the absence of a requirement for informed consent to the sale of personal data. They conclude that the proposed Principles would not be considered ''adequate' in the terms of the draft EU data protection directive. Following are the Principles - See (1994) 1 PLPR 69