Thinking Globally
Recent security breaches at electronic research companies raised concerns in Congress and other U.S. forums that thousands of people could be victimized by identity theft.
There is only one problem with that perspective, say two lawyers with the ABA Section of International Law. Like cyberspace itself, privacy issues in an electronic age reach far beyond the borders of the United States–and so will any effective efforts to address those issues.
Electronic privacy is a growing worldwide concern as access to the Internet expands and national economies become more intertwined, say Jeffrey M. Aresty and Demetrios Eleftheriou. Moreover, they say, efforts to deal with electronic privacy issues will have to take into account a patchwork of national laws on privacy.
They say it’s already virtually impossible for an international company to comply with all the privacy rules in the various countries where it operates. Privacy issues are a potential problem even for companies with a limited foreign presence, Aresty and Eleftheriou say.
“The issue that we’re all facing is that we’ve entered a new era where every business model is being transformed in some way because we’re in a global space,” Aresty says. The Boston lawyer chairs the International Law Section’s Information Services, Technology and Data Protection Committee.
“We have electronic communication and communities being formed around that space,” Aresty says. “And the laws that exist are designed for nation-states and geographical connections that make it very difficult to apply laws extraterritorially. It’s about time that we promote a harmonized rule of law in cyberspace.”
The European Union, for instance, has an overarching data protection directive, but many of the EU’s 25 member states have revised the model provision in the process of incorporating it into their own scheme of laws, says Eleftheriou of Washington, D.C., the committee’s co chair. That has resulted in significant conflicts on privacy rules just within the EU, he notes.
For multinational corporations, Eleftheriou says, “It’s virtually impossible to comply with all the data protection laws that are currently on the books. You just want to minimize the risk. That’s the best you can do.”
Information, Please
Aresty and Eleftheriou have taken a first step within the International Law Section in pursuit of an ambitious plan to organize lawyers from around the world into an online network to address electronic privacy issues.
They are trying to build a comprehensive resource on privacy laws through the committee’s page on the ABA Web site. It already is becoming a repository of information, as well as links to a growing list of U.S. and foreign privacy statutes, regulations and cases. (The site can be accessed via the ABA’s home page at www.abanet.org by going to the Section of International Law and then clicking “Join the Section Committees.”)
Aresty says he also has helped organize a nonprofit group outside the ABA for lawyers interested in practice issues relating to cyberspace. (Information about the new group can be found at www.internetbar.org.)
In addition to conflicts between national laws, concerns about international privacy standards arise in the context of business practices, Aresty and Eleftheriou say.
As outsourcing becomes more common, they say, subsidiaries or independent foreign companies to which work is sent may not be in compliance with the primary corporation’s privacy policies. Sometimes the corporation itself may not comply with its own privacy policies. When violations occur, the company faces potential liability even if voluntarily adopted rules in its privacy policy were not required by law, Eleftheriou notes.
Citing estimates that there will be more than 25 million victims of identity theft in 2005, Aresty says, “Think of what this means in terms of liability.”