Suchergebnisse

Administrative agencies increasingly rely on technology to achieve substantive goals. Often this technology is employed to collect, exchange, manipulate and store personally identifiable information, raising serious concerns about the erosion of personal privacy. Congress has recognized this problem. In the E-Government Act of 2002, it required administrative agencies to conduct privacy impact assessments (PIAs) when developing or procuring technology systems that handle personal information. Despite this new requirement, however, agency adherence to privacy mandates is highly inconsistent. In this paper, we ask why. We first explore why both process requirements and traditional means of political oversight are often weak tools for ensuring that policy reflects privacy commitments. We then consider what factors might, by contrast, promote agency consideration of privacy concerns. Specifically, we compare decisions by two federal agencies - the Department of State and the Department of Homeland Security - to use RFID technology, which allows a wireless-access data chip to be attached to or inserted into a product, animal, or person. These two cases suggest the importance of internal agency structure, culture, and personnel, as well as alternative forms of external oversight, interest group engagement, and professional expertise, as important mechanisms for ensuring bureaucratic accountability to the secondary privacy mandate imposed by Congress. The analysis speaks to debates in both public administration and privacy protection. It implicates disputes over the efficacy of external controls on bureaucracy, and the less-developed literature on opening the black box of administrative decisionmaking. It further offers insight into pre-conditions necessary to advance privacy commitments in the face of social and bureaucratic pressure to manage risk by collecting information about individuals. Finally, it offers specific proposals for policy reform intended to promote agency accountability to privacy goals.

Barely a week goes by without a new privacy revelation or scandal. Whether by hackers or spy agencies or social networks, violations of our personal information have shaken entire industries, corroded relations among nations, and bred distrust between democratic governments and their citizens. Polls reflect this concern, and show majorities for more, broader, and stricter regulation -- to put more laws "on the books." But there was scant evidence of how well tighter regulation actually worked "on the ground" in changing corporate (or government) behavior -- until now. This intensive five-nation study goes inside corporations to examine how the people charged with protecting privacy actually do their work, and what kinds of regulation effectively shape their behavior. And the research yields a surprising result. The countries with more ambiguous regulation -- Germany and the United States -- had the strongest corporate privacy management practices, despite very different cultural and legal environments. The more rule-bound countries -- like France and Spain -- trended instead toward compliance processes, not embedded privacy practices. At a crucial time, when Big Data and the Internet of Things are snowballing, Privacy on the Ground helpfully searches out the best practices by corporations, provides guidance to policymakers, and offers important lessons for everyone concerned with privacy, now and in the future.

The benefits of overseas outsourcing have come at a cost. Americans enjoy unprecedented levels of safety and security in the domestically-produced goods they use, food and drugs they ingest, and services they employ. Yet as U.S. firms increase the efficiency of their production, become more competitive globally, and offer better price-quality combinations to their customers by contracting with foreign companies for the production of goods and the provision of services, the mix of economic, legal, and societal forces that serve to protect consumers changes. Widespread revelations of Chinese-manufactured toxic toys and toothpaste, tainted food and drugs from abroad, and the failure of foreign call centers to protect the privacy of U.S. consumer data all illustrate the challenge for domestic governance. Though international trade in goods and services provides clear economic benefits, it can also frustrate consumer protection efforts. This paper provides a conceptual framework for understanding the mix of regulatory elements that govern domestic production of goods and services, and for understanding the ways in which international trade changes that mix. Specifically, it distinguishes between two types of domestic regulation—the first targeting the process by which goods are produced and services provided, and the second mandating particular outcomes. Foreign production disables the first type of regulation and weakens the second. Protecting domestic consumers in a globalized market, then, will frequently require the development of "substitutes" – including regulation by foreign governments and private regulators — for domestic forms of governance that are ineffective abroad. We propose a novel and necessary solution for addressing the threat posed by the foreign production of goods and provision of services to consumer welfare. Specifically, we make the case that the best "substitute" for domestic regulation will often be oversight of safety issues by U.S. partners in global trade. To provide incentives to domestic firms U.S. regulators should make those firms legally accountable for harmful products that make it to the United States Furthermore, they regulations should discriminate between domestic and foreign activity in regulation requiring safe outcomes, imposing higher penalties for violations of safety norms when production has taken place abroad.

Contrary to a suggestion by Professors Matthew Stephenson and Adrian Vermeule ("Chevron has Only One Step," forthcoming in Va. L. Rev.), Chevron v. NRDC's model for judicial review of agency interpretations of regulatory statutes involves two "steps" – and for good reason. The two-step analysis provides a framework for allocating interpretive authority in the administrative state, by separating those questions of statutory implementation assigned to independent judicial judgment (Step One) from those regarding which courts' role is limited to oversight of agency decisionmaking (Step Two). At Chevron's first step, courts should begin by identifying whether congressional instructions clearly either require or preclude a choice the agency has made or, instead, whether the agency's choice falls within a range of possibilities permitted by language that Congress has left ambiguous. Agency interpretations that do not fall within the zone of indeterminacy permitted by the statute's language must be struck down. Once courts determine, however, that the existence of ambiguity has placed primary authority for a matter in agency hands, and that the scope of that ambiguity permits the agency choice, the judicial role moves from decision to oversight, and thus to Chevron's second step. At this step, Section 706(2) of the Administrative Procedure Act sets the general standard, and courts inquire as to whether the agency's judgment on a matter within its delegated authority is "reasonable."