Governments depend on the private sector to collect, retain, and provide personal data about their customers and employees for a wide variety of purposes. These purposes have long included social service programs, tax schemes, licensing of business and professional activities, voter registration, maintaining vital records about major lifecycle events, and management of public infrastructure. In recent years, private-sector data have played an increasingly critical role in preventing and detecting criminal activity and guarding against domestic and foreign terrorism. As a result, airlines, banks, telecommunications companies, internet service providers, and myriad other private enterprises are increasingly required to collect, store, and furnish to the government sensitive personal information.
These activities raise serious privacy and data protection issues, including:
· the difficulty of making many traditional data protection tools—such as seeking consent or providing a right to object—work in this setting;
· the fact that government access to private-sector data almost always involves repurposing data;
· the problem of maintaining data accuracy, integrity, and timeliness when data are extracted from one context and used in another;
· the challenge of maintaining effective oversight over data used in law enforcement and anti-terrorism settings;
· the thorny issue of distinguishing government demands for data that may be used to violate human rights, restrict freedom of communication, or block access to valuable information;
· the conceptual and legal hurdles when government access demands move beyond data on specific, targeted individuals to include broad-based data mining of information about individuals who have done nothing to warrant suspicion; and
· the special burden of addressing these and other issues when governments demand access to personal data from private-sector entities in other countries.
This panel will address government access to private-sector data today; the legal, ethical, and practical issues such access presents; and tools and best practices for managing these issues in the future.
· Government Access to Private Sector Data, presentation by John Kropf, Deputy Chief Privacy Officer, U.S. Department of Homeland Security
· Contribution of the EDPS to the consultation on the future EU-US international agreement on personal data protection and information sharing for law enforcement purposes
· Comments of the EDPS on different international agreements, notably the EU-US and EU-AUS PNR agreements, the EU-US TFTP agreement, and the need of a comprehensive approach to international data exchange agreements
· Data Privacy & Integrity Advisory Committee The Use of Commercial Data Adopted December 6, 2006
· Government Data Mining: The Need for a Legal Framework, Fred H. Cate
· Government Access to Private-Sector Data by Fred H. Cate