US watchdog, the Federal Trade Commission (FTC), has signed an agreement with seven countries to share cross-border information relating to privacy.
The new "alert" system will let regulators from America, UK, Australia, Canada, Ireland, the Netherlands, New Zealand, and Norway share confidential information about ongoing investigations, and the FTC is very excited about it. FTC chair, Edith Ramirez, said that, "GPEN Alert is an important, practical cooperation tool that will help the Global Privacy Enforcement Network authorities protect consumer privacy across the globe."
However, it seems the other signatories are less excited as only one of the seven countries (the UK) has announced the news. The GPEN website has not been updated to contain information about its own new alert system. Those displaying indifference include Ireland, which will be hosting the 37th International Conference of Data Protection and Privacy Commissioners. Ireland are currently the focus of global privacy issue at the moment, thanks to the recent victory of Max Schrems against Facebook in the European Court of Justice.
The news follows comments from the FTC's bureau director, Jessica Rich, who criticised EU data protection authorities for not doing enough to beat violations of the Safe Harbor framework. Julie Brill, the FTC Commissioner, also pointedly noted that Europe was not having an "honest" discussion about data privacy and sharing.
It's not clear, at this stage, whether the GPEN Alert system (based on the FTC's own Consumer Sentinel Network) will suffer a similar lack of interest.
It is clear that data protection offices from around the world, but especially in Europe, are not happy about the US's approach to privacy, particularly when it comes to the commercial use of customers' data. For a number of years they have been lobbying to have the Safe Harbor framework shut down, but were consistently ignored by politicians in the European Commission. The FTC was responsible for overseeing a framework that was largely one-sided: American companies like Facebook, and Google pulling personal details of Europeans over to State-side servers. The ECJ judgment turned that situation on its head and has left US companies and authorities scrambling to find an alternative.
Europe has provided 13 recommendations for the United States but the US government has, so far, refused to budge, citing national security issues. The FTC is thought to be negotiating key parts of a new agreement that has been under discussion for two years, but talks about it as if it is not involved.
Meanwhile, the only non-US comment on the new GPEN Alert system has come from UK Information Commissioner, Christopher Graham. He said: "People need to know privacy authorities around the globe are watching over their information, and that policing of the rules doesn't stop at a country's border. The launch of the GPEN Alert today is an important practical step in achieving that, building on the international cooperation the GPEN network has developed. By providing a secure and confidential system, we hope it will prove a key tool in the future."