Change on the way
"Change" seems to be the word of the year. As 2008 drew to a close, we had a changing economy, a changing U.S. administration, a changing Canadian parliament (or not!), and myriad changes brought about by mergers, acquisitions, and bankruptcies. But what changes can we expect in the world of privacy?
Some changes in the privacy world are easy to predict. Canada is underway with a PIPEDA review. The EU will be reconsidering the Data Protection Directive (congratulations to three IAPP members, including board member David Hoffman, who were recently named to the five-person review committee). Data breach notification laws will be considered around the world. And behavioral advertising, social networking, geo-specific data, and electronic health records will continue to generate heated debate.
But there are other changes in the field of privacy that are more difficult to foresee. Or, rather, "change" is easy to foresee. It is the direction of the change that is hard to predict.
Washington, DC is currently buzzing with changes. A new administration, a new Congress, and new appointments are filling the headlines. Privacy may take a lead position next year as a fully Democratic Party-led Congress pushes a new agenda. Will Jackie Speier, Joe Barton, and Ed Markey introduce broad-based privacy legislation? Or will the debate focus on more discreet areas, such as online advertising and e-health? Or will the economy stall the introduction of such bills? These are tough questions.
Changes are afoot in the global debate on privacy as well. We are seeing a gradual recognition around the world that the fair information practices may be too limited a policy response to the breadth and scale of the information economy. Many thought leaders are pointing towards accountability-based policies as the right tools to address privacy concerns in the future. But how do such broad policy initiatives get introduced into a global framework built upon the foundations of notice and choice? FTC Chairman Kovacic recently said that the best we can hope for is interoperability on the global stage, not convergence, nor harmonization. He may be right. But what bridges need to be built to make privacy laws interoperable? BCRs, safe harbors, model contracts, treaties? These are tough questions, too.
So my predictions this year are a bit of a dodge. Change is most assuredly on the way. More than that is tough to predict….
J. Trevor Hughes, CIPP
Executive Director, IAPP