- The Washington Times - Monday, June 19, 2006


By Colin J. Bennett and Charles D. Raab, MIT Press, $30, 368 pages

Even if you’ve never physically set foot outside the United States, your personal information has traveled the globe. Credit card transactions, calls to customer service centers, credit checks and the transcription of medical records are frequently out-sourced to far-flung locations. Personal information knows no national boundary and is no longer attached to any single physical location. Your personal information is now a global business.

Why should the average citizen care? There are at least a few reasons. What are the rules in other countries on how personal information is used, shared and protected? Is it shared with other commercial or government entities such as the police or the intelligence communities?

There is also the fallibility factor: Humans and machines are not perfect. In the last several years there has been a steady stream of headlines reporting lost or stolen personal information on millions of Americans that was maintained by companies such as ChoicePoint and Bank of America as well as U.S. government agencies.

So how can individuals expect their governments to protect their personal information in a globalized world, where personal information has become a major form of currency for both private industry and government? This is the starting point of Colin J. Bennett and Charles D. Raab’s book, “The Governance of Privacy.”

Mr. Bennett, a professor at the University of Victoria in Canada, and Mr. Raab, a professor at the University of Edinburgh in Scotland, are both highly regarded authorities in the specialized world of international privacy. The authors’ extensive knowledge is evident throughout the book, which offers a useful and wide range of legal, policy and scholarly references.

“The Governance of Privacy” is a well-organized and comprehensive three-part look at the world of global privacy. The first section defines the goals of privacy protection, the second examines the global frameworks that exist to protect it and the third analyzes the effectiveness of those instruments.

Section one broadly identifies the goals of privacy as equity, reduction of risk and trust. Equity may be the most abstract and elusive of the three.

Section two is particularly important because it provides an extensive and complex inventory and analysis of existing global privacy instruments. Privacy laws based on traditional notions of sovereignty and jurisdiction have become obsolete because of the global acceleration of complex technology.

Unlike the law, policy instruments can be quickly developed and implemented to fill the void, and are often better suited to the international arena. Consequently, international privacy frameworks are now composed more of policy than of law.

Mr. Bennett and Mr. Raab start at the top of the global hierarchy by examining the transnational privacy policies of international bodies such as the OECD and APEC, as well as the law of the European Union’s 1995 Data Directive. Following this examination is a treatment of the national laws, regulations, principles, and data protection authorities who oversee the enforcement of the privacy systems in many countries.

The authors also devote a chapter to an analysis of self-regulatory instruments — a favored option in the United States — composed of commitments, codes, standards and seals. Mr. Bennett and Mr. Raab incisively recognize that technology itself acts as a policy instrument that can be used to enhance or erode privacy depending on how systems are designed and built.

Section three culminates with an analysis of whether the collection of global frameworks introduced in section two are effectively protecting and promoting privacy. While Mr. Bennett and Mr. Raab note the difficulty in measuring the impact of any one framework, they suggest several broad scenarios for the future. In the world of competing privacy frameworks, are we in a race to the top of improved privacy standards, to the bottom of reduced privacy standards, or somewhere else?

The authors’ conclusion holds that privacy standards are not monolithic, singularly regressing or progressing. Privacy is too multi-faceted for any simplistic conclusion. Because privacy concerns touch upon many fronts, the authors predict many races to the top and many races to the bottom.

This book is not a basic introduction to privacy for those interested in learning about the area. Rather, “The Governance of Privacy” may be better suited to those with an existing foundation in privacy. For those policy makers, practitioners and academics in the privacy sector, however, this is a must read.

John W. Kropf works for the Department of Homeland Security’s Privacy Office. The views expressed here are his and not those of the Department of Homeland Security or the government.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide