Duke Panel Eyes Status of Data Privacy
Duke panel eyes status of data privacy
BY MONICA CHEN : The Herald-Sun
mchen@heraldsun.com
Jan 29, 2008
DURHAM -- Academic, corporate and security heavyweights from Interpol, Intel, the U.S. Federal Trade Commission and others converged on the Duke University School of Law on Monday to trade information on the state of data privacy in the U.S. and Europe.
The U.S. joined 27 European countries for an international data privacy observance Monday, which was proclaimed Data Privacy Day in North Carolina by Gov. Mike Easley.
Speakers at the conference, "Data Privacy in Transatlantic Perspective: Conflict or Cooperation," pointed to the fragmentation of governments and agencies regulating privacy as a key issue in privacy protection.
Among the topics of discussion: consumer data protection, national security and corporate data sharing, and the impact the Internet and 9/11 have had on personal privacy.
"Our culture is not based on a lot of primacy of privacy. People will say they value privacy until something shows them otherwise," said Anne Klinefelter, a UNC Chapel Hill law professor and associate director of the school's law library.
Various speakers lamented the lack of privacy protection laws in the U.S., in particular after 9/11.
Francesca Bignami, a Duke law professor, said privacy and data privacy are not considered fundamental rights in the U.S. -- at least, not without new interpretations of the 4th and 14th amendments to the constitution.
In July 2007, after three years of back and forth, the U.S. negotiated an agreement with the European Union which compels European airlines to divulge personal information about their travelers to the U.S. -- including credit card numbers, family members, etc.
Bignami said European agencies still criticize American privacy laws -- mainly because of the laws' lack of information about what happens to personal data once it's been collected.
"The regulation tends to be very front-ended, very focused on collection but not focused on what happens afterward," she said.
"The less information out there, the better," Bignami added. "The less information, the less risk of surveillance by the government ..., the less risk it might be wrong or stolen by hackers."
Another privacy agreement between the U.S. and the EU is the Safe Harbor program implemented in the late '90s to help American companies meet the EU's requirements for data protection.
There are 30 Safe Harbor companies in North Carolina.
But beyond governmental systems, panelists pointed to social networking Web sites like Facebook and MySpace, as well as IP addresses as examples of the ways technology has affected privacy.
Internet Protocol addresses, or IP addresses -- those often-ignored but unique addresses stamping a person's electronic presence -- emerged as a key issue in the discussion of one panel on Monday.
Peter Schaar, a top European data protection official, recently said at a European Parliament hearing that an IP address should be considered personal information if it's used to identify an individual.
Schaar is chairman of a European Commission group studying personal data and privacy issues.
Jane Horvath, privacy counsel for Google and former chief privacy officer for the U.S. Department of Justice, said that where the Internet search engine giant Google is concerned, an IP address could be used to identify a person, but often it's the address of a network.
David Hoffman, director of privacy and security policy at Intel, said a challenge would be for companies to design in privacy protocols and integrate the different fragmented legal systems on data privacy that way.
"What is the definition of personal data? We have a lot of unique identifiers," he said. "As an international effort, as a part of data transfer, globally -- we'll have to figure out ways to design in processes so when we do the identification of what is personal data, we know how to handle it appropriately."
"A culture of privacy and security cannot be just implemented. Deus ex machine cannot be just dropped down," said moderator Richard Purcell, former chief privacy officer at Microsoft. "We're developing it slowly. ... It will keep up with technology only in the sense that technology will continue to drive and thrash this thing to force us to keep up with policy."
This press release was published on 30 Jan 2008 and last modified on 30 Jan 2008. For more information, please contact Robin Crow at robin.crow@duke.edu For more information see http://www.heraldsun.com/durham/4-919717.cfm?