Data Responsibility

An American Approach to Data Privacy


In less than two weeks, the General Data Protection Regulation (GDPR) will go into effect in the European Union—solidifying the most expansive overhaul of privacy regulations in a generation. In addition to the risk of major data breaches, cybercrime and mismanagement of personal data, privacy is now front of mind for governments across the globe. And the question many are asking: should GDPR become the single global standard for privacy regulation? Given Europe’s prominence in the global privacy debate, it’s a reasonable question.

At IBM, we do not think there is a one-size-fits-all approach to privacy. Our company has long recognized the power data holds for our clients. It is the key to their competitive advantage. Today, it’s powering AI systems, helping companies develop deeper insights, unlocking new discoveries and making decisions exponentially faster. However, as more and more organizations interact with and manage data, all have an obligation to do so responsibly.

What works for one country or region will not necessarily work for another. IBM has worked closely with the European Union to ensure the GDPR addresses privacy concerns without undermining innovation, and we appreciate the EU’s desire to provide a unified approach across the EU and bring outdated regulations in line with 21st century challenges. But we do not agree with every component of the GDPR. As other countries consider their own privacy challenges, we do not believe that GDPR should be simply grafted onto privacy systems where its relatively prescriptive approach may not work – particularly in the United States.

Instead, IBM believes the United States should pursue a third way–one with a track record of success. Instead of government mandates, we believe a collaborative public-private approach, led by industry together with government, is the most feasible way to develop a framework of data privacy standards tailored to America’s needs.

There is recent precedent for such an approach. In 2013, in the aftermath of comprehensive cybersecurity legislation failing in Congress and cyber intrusions into critical infrastructure increasing, the Obama Administration issued an executive order calling on the National Institute of Standards and Technology (NIST) to lead a collaborative effort between government, industry, and academia to develop cybersecurity standards. A year later, the NIST Cybersecurity Framework was released and quickly became the blueprint for cybersecurity in the private sector. In 2014, the bipartisan Cybersecurity Enhancement Act of 2014 supported NIST’s continued work on this voluntary Framework. And in 2017, President Trump mandated use of the NIST Framework by U.S. Government agencies to manage their cyber risk.

This is a model for success, and what worked a few years ago for cybersecurity could address the issues we now face with data privacy. In fact, privacy already has been identified as an area NIST would like to build out within its Cybersecurity Framework, so all that would be needed to advance the effort would be a critical mass of interest and commitment from government, industry, and other stakeholders. Additional government participants, such as the Commerce Department’s National Telecommunications and Information Administration (NTIA), or the Federal Trade Commission (FTC), could also be drawn into the effort.

Today, IBM is bringing over 100 of our top leaders from across the country to meet with Members of Congress and discuss important issues as part of our annual Washington fly-in. It’s the tenth year we’ve held this fly-in and this year, the issue of data privacy will be at the top of our list. And we will be encouraging Members to embrace this collaborative, public-private approach.

Data privacy is a global priority, but one that must be addressed locally. We applaud Europe for taking early action. Yet a different – but no less effective – approach may be the best way to assure Americans that their digital privacy is being protected.

-Christopher A. Padilla, Vice President, IBM Government and Regulatory Affairs

Media Contact:

Rachel R. Thomas

Rachel.R.Thomas@ibm.com
