25730
portfolio_page-template-default,single,single-portfolio_page,postid-25730,stockholm-core-2.4,qodef-qi--no-touch,qi-addons-for-elementor-1.6.7,select-theme-ver-9.5,ajax_fade,page_not_loaded,,qode_menu_,wpb-js-composer js-comp-ver-7.4,vc_responsive,elementor-default,elementor-kit-38031

Implementing Privacy Policy: Who Should Do What?
David Hyman and William E. Kovacic*
Article

  The full text of this Article may be found here.

29 Fordham Intell. Prop. Media & Ent. L.J. 1117 (2019).

Article by David Hyman and William E. Kovacic

 

ABSTRACT

[A]

cademic scholarship on privacy has focused on the substantive rules and policies governing the protection of personal data. An extensive literature has debated alternative approaches for defining how private and public institutions can collect and use information about individuals. But, the attention given to the what of U.S. privacy regulation has overshadowed consideration of how and by whom privacy policy should be formulated and implemented.

U.S. privacy policy is an amalgam of activity by a myriad of federal, state, and local government agencies. But, the quality of substantive privacy law depends greatly on which agency or agencies are running the show. Unfortunately, such implementation-related matters have been discounted or ignored— with the clear implication that they only need to be addressed after the “real” work of developing substantive privacy rules is completed.

As things stand, the development and implementation of U.S. privacy policy is compromised by the murky allocation of responsibilities and authority among federal, state, and local governmental entities—compounded by the inevitable tensions associated with the large number of entities that are active in this regulatory space. These deficiencies have had major adverse consequences, both domestically and internationally. Without substantial upgrades of institutions and infrastructure, privacy law and policy will continue to fall short of what it could (and should) achieve.

*David A. Hyman is a Professor at Georgetown University Law Center. From 2001– 2004, he served as Special Counsel to the Federal Trade Commission. William E. Kovacic is the Global Competition Professor of Law and Policy at the George Washington University Law School. He served as General Counsel at the FTC from 2001–2004, and was a Commissioner from 2006 to 2011, chairing the agency from March 2008 to March 2009. He currently is a Non-Executive Director of the United Kingdom’s Competition and Markets Authority. The views expressed herein are the authors’ alone.

We received exceptionally helpful comments from Bob Gellman when this paper was presented at the 10th Annual Privacy Law Scholars Conference (May 2017). We also want to acknowledge the helpful comments we received from other attendees at the conference, including Aaron Burstein, Pam Dixon, Sharon Bradford Franklin, Zachary Goldman, David Gray, Lance Hoffman, Chris Hoofnagle, Cam Kerry, Siona Listokin, Bill McGeveran, Joanne McNabb, Terrell McSweeny, Whitney Merrill, Hannah Meyer, Ira Rubenstein, Jay Stanley, Peter Swire, and Omer Tene.