However, our support for the emergence of the APEC Privacy Framework has generated some criticism, which I'd like to address. The APEC Privacy Framework was inspired by the OECD Guidelines on the Protection of Privacy and is concerned with ensuring consistent and practical privacy protection across a wide range of economic and political perspectives.
At the core of the APEC framework is an entirely new privacy protection principle that does not exist in the regulatory frameworks of the 80s and the 90s: the “preventing harm” principle. The starting point is that personal information protection should be designed to prevent the misuse of that information. Since the greatest risk of that misuse is harm to individuals, we need a set of rules that seek to prevent that harm.
Using the reasoning of the APEC framework, global privacy standards should take account of the risks derived from the wrongful collection and misuse of people’s personal information and be aimed at preventing the harm resulting from those risks. Under the “preventing harm” principle, any remedial measures should be proportionate to the likelihood and severity of the harm. Some critics have said that the APEC framework is ambiguous and that the “preventing harm” principle does not look at privacy protection from the point of the individual. However, the focus of the “preventing harm” principle is precisely the individual and what is perceived as harmful by that individual.
Others see the APEC framework as the weakest international framework in this area and support the original OECD Privacy Guidelines because they are based on a simple approach to privacy protection. But is this approach a valid one to address the challenges of the Internet age? In today’s world, virtually every organisation – public or private, large or small, offline or online – relies on the collection and use of personal information for core operational purposes.
At the same time, regulators around the world are acknowledging the fact that they have limited resources to deal with all aspects of personal information protection. And three-quarters of the countries in the world still don't have meaningful privacy regimes in place. We believe that the APEC framework is the most promising foundation to advance privacy protections in those countries. What is wrong then with looking at this very practical challenge in a practical manner and trying to prioritise what really matters to people in an objective, yet flexible, way?
Fortunately, some regulators are also looking at the “preventing harm” principle as a valid way forward. The UK Information Commissioner recently published its data protection strategy which emphasises the need to make judgments about the seriousness of the risks of individual and societal harm, and about the likelihood of those risks materialising. The strategy document goes on to say that the UK regulator’s actions will give priority to tackling situations where there is a real likelihood of serious harm.
Using this approach, the key issue for policymakers and regulators is to figure out what is (or can be) harmful and what isn’t. Sure, identity theft and spam are bad. But is targeted advertising harmful or beneficial for consumers? What about the use of cookies to remember consumers’ preferences or computer settings? Do they make life easier or are they a harmful consequence of our online activities?
Let's say you're looking for some publicly available government information online. Maybe you're searching for property records or background on your local school district. Chances are, you'll start your quest not by typing in the URL of a government agency website, but by visiting Google or another search engine. Unfortunately, that may not produce the results you're looking for. In fact, much of the content that government agencies make available on the web (about half, by our estimates) doesn't appear in search results because of the way many government websites are structured.
Implementing Sitemaps is an easy way for government agencies to make their online information and services more visible and accessible to the citizens they serve. We’ve already worked with states like Arizona, California, and Virginia, and federal agencies in the Departments of Agriculture, Energy and Health and Human Services. We've also supported the sitemapping of large databases by Library of Congress and National Archives and Records Administration.
We welcome this Senate legislation and encourage governments at all levels to participate in this effort to become more transparent and accessible to citizens.
Fascinated by the twists and turns of the upcoming FCC spectrum auction? Can't get enough of the Digital Millennium Copyright Act? Passionate about online freedom of expression issues? If you're a undergraduate, graduate, or law student interested in in the world of tech policy, or know someone who is, keep reading.
We’re excited to announce the launch of the Google Policy Fellowship program, our effort to replicate the success of our Summer of Code program in the public policy sphere and to support students and organizations doing work important to the future of Internet users everywhere.
Those selected as fellows will receive a stipend to spend ten weeks contributing to the public debate on technology policy issues -- ranging from broadband policy to copyright reform to open government. Participating organizations for our beta summer of 2008 include the American Library Association, Cato Institute, Center for Democracy and Technology, Competitive Enterprise Institute, Electronic Frontier Foundation, Internet Education Foundation, Media Access Project, New America Foundation, and Public Knowledge.
Check out more details and the application, which is due by January 1, 2008. And please help us spread the word!
