The World Privacy Forum, a nonprofit based in California, has issued a report on the US Department of Commerce’s work on privacy protection for consumers. The Forum says it’s focusing on Commerce, “given its role overseeing such critical programs as the US/EU Safe Harbor data agreement.” From the introduction for “The US Department of Commerce and International Privacy Activities: Indifference and Neglect” (pdf):
The rise of privacy as an issue of international attention has taken place during the past forty years. Various agencies of the US Government have played roles on international privacy matters, including the State Department, Federal Trade Commission, Department of Homeland Security, Office of Management and Budget, the Department of Commerce, and scattered other agencies. The privacy activities of these agencies have waxed and waned over the decades. Of the US agencies, the US Federal Trade Commission has played by far the most significant role in consumer privacy issues, for example, identity theft, financial privacy, and a host of issues related to privacy and fair business practices. […]
The Department of Commerce has played an occasional but not exclusive role in representing the United States internationally, often with regard to data protection activities in Europe. This report summarizes some of the international privacy activities of the Department, with a major focus on the Safe Harbor Framework established in 2000 with the European Union in response to the requirements of the EU Data Protection Directive. […]
The Department of Commerce’s actions on international privacy matters have often been characterized by highly visible but ineffectively administered programs that lack rigor. As this report discusses, three separate studies show that many and perhaps most Safe Harbor participants are not in compliance with their obligations under the Safe Harbor Framework. The Department of Commerce has thus far carried out its functions regarding the Safe Harbor program without ensuring that organizations claiming to comply with the Safe Harbor requirements are actually doing so. […]
The Department of Commerce’s failure to demand compliance with Safe Harbor requirements has so undermined the value of the program that some European data protection authorities are no longer willing to rely on a participating organization’s self-certification as reflected on the Department of Commerce’s Safe Harbor website.