AFFIRMATIVE-CONSUMER/INTERNET-INHERENCY 362

CURRENT PRIVACY REGULATORY MECHANISMS FAILS

THE US HAS NO PRIVACY OVERSIGHT COMMISSION

David Banisar and Simon Davies, Deputy Director of Privacy International (PI) and Director General of Privacy International and a Visiting Fellow at the London School of Economics, "GLOBAL TRENDS IN PRIVACY PROTECTION: AN INTERNATIONAL SURVEY OF PRIVACY, DATA PROTECTION, AND SURVEILLANCE LAWS AND DEVELOPMENTS," The John Marhall Journal of Computer & Information Law , Fall, 1999, 18 J. Marshall J. Computer & Info. L. 1, EE2001-JGM, P.

There is no privacy oversight agency in the U.S. The Office of Management and Budget plays a limited role in setting policy for federal agencies and has not been particularly active or effective. The Federal Trade Commission (FTC) has oversight and enforcement powers for laws protecting consumer credit information and fair trading practices, but has no authority to enforce privacy rights, other than those arising from fraudulent or deceptive trade practices. n682 In the last several years, the FTC has received thousands of complaints but issued opinions in only three cases. It also organized a series of workshops and surveys, which typically show that industry protection of privacy on the Internet is poor, but the FTC said that the industry should have more time to make self-regulation work.

AGENCIES THAT MONITOR PRIVACY PROTECTION COMPLIANCE ARE UNCOORDINATED AND DECENTRALIZED, MAKING THEM INADEQUATE PROTECTORS

Gregory Shaffer, Assistant Professor of Law, University of Wisconsin Law School, Winter, 2000; Journal of International Law, 25 Yale J. Int'l L. 1, "Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards," EE2001-hxm lxnx

Even where information is covered by U.S. legislation, no central administrative agency monitors compliance. In the United States, a hodgepodge of federal agencies oversee privacy issues relating to disparate sectoral and issue-specific concerns. Responsible agencies include the Federal Trade Commission, the Office of Consumer Affairs, the Office of Management and Budget, the Office of the Comptroller of the Currency, the Social Security Administration, the Department of Health and Human Services, the Internal Revenue Service, the Federal Reserve Board, and the National Telecommunications and Information Administration. n103 To date, these agencies do not coordinate their data privacy oversight. n104

STATUS QUO DATA PRIVACY REGULATION IS GROSSLY INADEQUATE, FRAGMENTED, AND UNCOORDINATED

Unlike the broad scope of coverage and the centralized standard-setting and enforcement features of the EU Directive, data privacy regulation in the United States is fragmented, ad hoc, and narrowly targeted to cover specific sectors and concerns. It is decentralized and uncoordinated, involving standard setting and enforcement by a wide variety of actors, including federal and state legislatures, agencies and courts, industry associations, individual companies, and market forces. n8l To a certain extent, the U.S. handling of data [*23] privacy issues reflects Americans' traditional distrust of a centralized government. n82 United States legislation provides citizens with significantly greater protection against the collection and use of personal information by government, in particular the federal government, than by the private sector. While the EU Directive imposes legislation to condition market interactions, the United States relies less on government intervention in the private sector and more on market constraints.