My thanks to Professor Charlesworth for forwarding to us Prof. Reidenberg's
comments and clarifications. I stand corrected on the points on the
publication of the book and its timing. The publisher's name escaped me at the
time. As I trust my comments reflected, it is a well-done work for which  I
have deep respect (as I do for Prof. Reidenberg) and which stands on my
bookshelf. However, I believe my slight over-conclusionary assertion that the
work could not determine "adequacy" (and I accept that it did not expressly
address the question), is nevertheless partially supported by Professor
Reidenberg's conclusion that whether US law in totality in specific sectors
satisfies European standards can be argued either way. There is also no doubt
that in many aspects of private and business life our privacy protections do
not achieve the level of those aspired to in Europe, and I use "aspire"
intentionally, as implementation has been a very spotty thing there in my
experience.
   I am flattered that the Direct Marketing Association is perceived to have
the skill, resources, and talent to be able to prevent as much as legislation
as is suggested. We have not lately been very successful at it, given the
Drivers' Privacy Protection Act, the Children's Online Privacy Protection Act
(which we supported), and numerous State regulations on telemarketing.
   This I think goes to the strength and health of public and legislative
debate in this subject area, and the American tendency to address problems on
a one-by-one basis, rather than on an omnibus basis, and then to determine if
industry has the wherewithal to address the problem with self-regulation after
some government prodding, or whether the problem is serious enough to merit
legislation providing for civil or even criminal penalties.
   No doubt this seems sloppy and intellectually indefensible from many
vantage points, but it is what our experimental laboratory of 51 jurisdictions
has done for over 200 years. It does not seem to me unhealthy to address
privacy and data protection in terms of costs and benefits, as we do until
emotions get carried away, otherwise a society can end up bearing enormous
costs of conversion and compliance at little or no improvement in the
"problem" addressed.
    No doubt there are those in Europe who view our peculiar American
enshrining of freedom of speech and press in near absolute terms as being as
much of a curiosity as some of us do the enshrinement of the principles of
data protection in Europe. At least we are used to the former absolutes;
perhaps we'll even accept the latter absolutes, but I trust they will probably
be on a sector by sector basis, with our own variants.  Some treatments seem
intellectually self-evident, but break down a bit when roughed up by
experience. We are still puzzled that financial information is not considered
to be "sensitive", for example, or that race or union membership would be
considered sensitive, when these are qualities which we in many instances have
a legal obligation to know and act upon, or at least not act in a
discriminatory fashion upon. Indeed, union members often where their
membership badges as a point of pride. And if this important part of the
Directive and the principles are historically-based, then how much else
therein is subject to the same examination and relativism?
As for notice and choice, which are fundamental, the DMA requires its members
to provide these, and has expelled members for failure to comply.
Yours, in healthy debate,
Charles Prescott
Andrew Charlesworth wrote:

> Further to the message sent to the list by Charles Prescott vis the
> situation in the US (see the end of the message) , I am forwarding
> a message from Professor Joel Reidenberg, one of the Professors
> cited therein.
>
> Andrew
>
> ------- Forwarded message follows -------
> Date sent:              Fri, 18 Feb 2000 15:10:29 -0500
> From:                   "Joel R. Reidenberg" <[log in to unmask]>
> Send reply to:          [log in to unmask]
> Organization:           Fordham Law School
> To:                     [log in to unmask]
> Subject:                Re: (Fwd) Re: US acts
>
> Andrew,
>
> Thanks very much for sending me a copy of Charles Prescott's
> inaccurate missive.   Would you please post to the list my comments?
>
> ***********************
> Charles Prescott's message contains a number of significant
> factual errors concerning my book and efforts in the United
> States that warrant correction for the list.
>
> > In fact, the EC  hired two respected US legal scholars of privacy,
> > Reidenberg and Schwartz, to study whether the US was "adequate".
>
> Professor Schwartz and I were not hired to make any assessment
> of US"adequacy." Anyone who reads the book will see clearly
> stated  in the preface at p. ix and in the text at p. 19 that the
> mission of our project was to compare US data protection law and
> practice to basic European principles. Indeed, the Directive had not
> even been adopted when we began work on the book in 1993 and
> our project never even mentions "adequacy" in defining our
> comparative mission (see pp. 24-25) or in our conclusions (chapter
> 14).
>
> >These two professors very much advocate stronger
> > privacy protections in the US, but their work surveyed the vast
> > variety and scope of our legal protections and they specifically
> > concluded that because "adequate" was such a vague word, they could
> > not honestly conclude that the US laws were inadequate.
>
> Our book makes no such statement.  Indeed, we do not even use
> the word"adequacy" in the book.  Among our conclusions, we did
> state that "taken together, the convergences and divergences
> preclude any general conclusion about whether the U.S. private
> sector, in the contexts of telecommunications, financial services,
> direct marketing and employment, respects the basic elements of
> the European principles, or alternatively, fails to satisfy them. The
> research shows evidence for both arguments." (p. 395)
>
> > (This book was never published by the EC, which wishes it
> > would sink out of sight, but it is still available in print. Search
> > Amazon.com.)
>
> This is an outrageously false statement.  Our study was published
> by Michie, a major American law publisher now owned by Lexis
> Publishing, under a specially negotiated agreement with DGXIII.
> This is even noted in the copyright notice appearing in the
> published book.  In fact, when our study was completed in 1995,
> the Commission was not in the practice of publicly releasing
> studies.  To my knowledge, ours is the first of what eventually
> became a series of studies that the Commission agreed to publish.
>  DGXIII, the sponsor of our study, made the exception for our work
> precisely because the Commission wanted it to be very public.
> Michie and DGXIII worked to have the book in print in record time;
> within a year of completion the book was on the shelves!
>
> It's present availability depends on the publisher, Lexis, and has
> indeed been through several printings.
>
> > > Lawmakers and scholars have tried to write a US Data Protection Law,
> > >and repeatedly fail because an omnibus law inevitably runs afoul of our
> > >Constitutional protection of freedom of speech and press.
>
> This is sheer non-sense.  As our 400+ page book shows, the US
> legal system fails to provide a multitude of very important privacy
> protections for citizens.  Prescott's organization, the Direct
> Marketing Association, can take great credit for blocking most
> privacy proposals in the US.  Prescott's knowledge of the various
> proposals and his understanding of US constitutional law could use
> a refresher course.
>
> JRR
>
> --
> **************************************************
> Joel R. Reidenberg
> Professor of Law and Director of the Graduate Program
> Fordham University School of Law
> 140 W. 62nd Street
> New York, NY 10023 (USA)
> Tel: 212-636-6843
> Fax: 212-636-6899
>
> Email: <[log in to unmask]>
> Web: <http://reidenberg.home.sprynet.com>
> **************************************************
>
> ------- End of forwarded message -------
>
> > 4. As far as the "adequacy of privacy protection" in the US is
> > concerned, I think this is a gross canard which ill-informed
> > observers continue to repeat without independent verification.  I
> > would observe that no government in Europe, outside Spain, has
> > officially stated this conclusion.  In fact, the EC hired two
> > respected US legal scholars of privacy, Reidenberg and Schwartz, to
> > study whether the US was "adequate". These two professors very much
> > advocate stronger privacy protections in the US, but their work
> > surveyed the vast variety and scope of our legal protections and
> > they specifically concluded that because "adequate" was such a
> > vague word, they could not honestly conclude that the US laws were
> > inadequate. (This book was never published by the EC, which wishes
> > it would sink out of sight, but it is still available in print.
> > Search Amazon.com.)  I would also observe that as a practicing
> > lawyer in the United States with 20 years of experience around the
> > world, citizens and individuals have far more effective legal
> > recourse against misuse of their personal information in ways which
> > our public policy has found harmful than anywhere else on earth.
> > Iit seems clear to me that the Article 29 paper on assessing
> > adequacy issued in 1998 was poorly researched (and perhaps not
> > researched at all), and progressed from presumptions and biases in
> > favor of the more "statist" role of government prevalent in Europe.
> > For example, they made no study or our common law doctrines on
> > privacy, our legal system, or the ease of access to that system by
> > individuals, and in fact make gross errors of legal interpretation
> > and build to conclusions on the basis of those errors. Not having
> > further resources to do an intellectually-honest job, Article 29
> > ended up concluding that adequacy could only be provided by a
> > country having "a law like ours."  And the US-EU negotiations on
> > the Safe Harbor concept have proceeded on the European side on that
> > basis. I.e., "you don't have an overarching law like ours, so prove
> > you are adequate." Lawmakers and scholars have tried to write a US
> > Data Protection Law, and repeatedly fail because an omnibus law
> > inevitably runs afoul of our Constitutional protection of freedom
> > of speech and press.  One omnibus confronts another, and that
> > creates a lot of conflict. 5. The Citibank model contract is
> > notable in its provisions. It makes a very bad and practically
> > unusable model for 99% of business needs.  It is also noteworthy
> > that the German authorities "monitor" the contract only in the
> > sense that they have an address and a phone number for German
> > citizens to call to complain. They have neither funds for nor
> > interest in actually
> > monitoring processing in America. Regards,
>
> Andrew Charlesworth
> Senior Lecturer in IT law
> Director, Information Law and Technology Unit
> University of Hull Law School
> Hull, UK, HU6 7RX
> Voice: 01482 466387   Fax:   01482 466388
> E-mail: [log in to unmask]

--
Charles A. Prescott
Vice President, International Business Development
and Government Affairs
Direct Marketing Association
1120 Avenue of the Americas
New York, NY 10036
U.S.A.

Tel. (1) 212-790-1552
Fax. (1) 212-790-1499
e-mail: [log in to unmask]
website: www.the-dma.org






%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%