How does the United States rank among countries in privacy protection? Practically at the bottom according to a ranking by Privacy International, a UK-based privacy advocacy group. The ranking is based on Privacy and Human Rights, an annual report about privacy laws around the world published by Privacy International and the Electronic Privacy Information Center. Here’s the ratings table and here’s the briefing paper for the table. Unfortunately, every time I try to access the PDF file of the briefing paper that explains the rankings, it not only fails to load, but it also crashes my browser, whether Firefox or Explorer.
The press release for the rankings states:
Conversely, the rankings indicate which countries are the worst privacy offenders – the emerging surveillance societies. The report measures the extent of information available to authorities about citizens and the many ways that data is used. Categories include police data, DNA, visual surveillance and identity card technology. These are measured alongside against legal and constitutional protections.
Below are some key findings. (Please note that “worst ranking” and “lowest ranking” denotes countries that exhibit poor privacy performance and high levels of surveillance.)
* The two worst ranking countries in the survey are Malaysia and China. The highest-ranking countries are Germany and Canada.
* In terms of statutory protections and privacy enforcement, the US is the worst ranking country in the democratic world. In terms of the health of national privacy protection, the US has been ranked between Thailand and Israel.
* The worst ranking EU country is the United Kingdom, which fell into the “black” category along with Russia and Singapore. The black category defines countries demonstrating “endemic surveillance”.
* Despite having no comprehensive national privacy law, the United States scored higher than the UK. Thailand and the Philippines also scored higher than the UK.
* Argentina scored higher than 20 of the 25 EU countries.
I’m quite skeptical of rankings, which are often attention-grabbing at the expense of being particularly accurate or useful. After all, it’s hard to reduce everything to a uniform system. One country may protect one dimension of privacy well but others poorly. Which counts more? So I think we could analyze countries, say, on which has more stringent regulation of government access to business records or on which has greater rights of citizens to access their personal data. We can compare countries on whether they have a privacy protection agency. But how much does this factor into overall privacy protection? A privacy agency, for example, can exist in name but exercise little substantive power. The larger point is that general privacy rankings are hard to do since privacy protection involves so many different dimensions. It would help if I could access the explanatory memo for the rankings, which will hopefully work at some point. That said, I strongly believe that US privacy protections are in great need of improvement and that many other countries have protections that strike me as more desirable than those in the US.
UPDATE: Kevin Jon Heller’s post at Opinio Juris also examines the report, and he has more data from it, including the ranking and scores of each country, as well as the criteria that went into the scoring.
Originally Posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.