FTC, Irish DPA Reach Mutual Enforcement Agreement
By Jedidiah Bracy, CIPP/US, CIPP/E
Federal Trade Commission (FTC) Chairwoman Edith Ramirez and Ireland Data Protection Commissioner Billy Hawkes have signed a memorandum of understanding (MOU) to “promote increased understanding and communication” between both agencies, an FTC press release states. Ramirez said the MOU “is a step forward for the FTC in cross-border privacy enforcement,” and that, “Working closely with our international partners in this area benefits both consumers and companies.”
Hawkes said, “Given the increasing data flows across borders and the ever-increasing complexity and pervasiveness of information technologies, I very much welcome this important development, which I believe will be of valuable assistance to my office both as a basis for the sharing of experiences and knowledge of issues encountered by both agencies in their interactions with consumers and businesses and also in relation to cross-border enforcement cooperation where necessary.”
The MOU "is a sign of the growing recognition in the EU that the U.S. indeed is a strong partner in protecting personal privacy," said Hogan Lovells’ Christopher Wolf in comments provided to the IAPP. "The perception that U.S. law and regulators do not take privacy as seriously as in the EU appropriately is fading. While the frameworks of course are different, based on our different legal traditions and restrictions, there is a shared commitment to protecting personal privacy that the memorandum reflects."
Wilson Sonsini's Christopher Kuner also told the IAPP that the MOU is a significant development. "It continues the trend toward agreements between privacy enforcement authorities worldwide; for instance, in 2012 the Canadian and German federal commissioners signed a similar agreement," Kuner said. "It is particularly important given that many large multinationals have their main European establishment in Ireland, meaning that the Irish DPA is the main European enforcement authority for many leading companies. Both companies and consumers need better cooperation and coordination between data protection and privacy enforcement authorities in different countries, and bilateral memoranda like this are a good way to achieve that goal."
The MOU recognizes “the flow of personal information across borders, the increasing complexity and pervasiveness of information technologies and the resulting need for increased cross-border enforcement cooperation.” Noting that the OECD, the Global Privacy Enforcement Network’s Action Plan (GPEN) and the APEC Privacy Framework all “call for the development of cross-border information-sharing mechanisms and enforcement cooperation arrangements,” the MOU outlines specific definitions, objectives and scope, mutual assistance procedures and limitations.
The agreement is voluntary and is not intended to “create binding obligations, or affect existing obligations, under international or domestic law.”
The MOU also provides a framework for the agencies to share privacy complaints, coordinate cross-border enforcement, facilitate research and education and provide “mutual exchange of knowledge and expertise” via training programs and staff communication.
Both agencies have worked together prior to today’s agreement, specifically on the London Action Plan, an anti-spam network, and the GPEN.