‘La difference’ is stark in EU, U.S. privacy laws

Bob Sullivan Technology correspondent • Profile • E-mail

It started, some say, with Alexandre Dumas, famed French author of “The Three Musketeers.”

Dumas was an aging French literary star when he embarked on a somewhat scandalous love affair with Adah Isaacs Menken, a 32-year-old Texas actress. Entranced with the still-young technology of photography, the two posed for clearly scandalous photographs. The photographer, smelling a quick profit, set out to sell them, and Dumas sued. 

A Paris appeals court quashed this early paparazzi moment. In a ruling that sounds quaint to the modern American ear, the court decided that posing for the photographs did not mean Dumas and Menken had surrendered their rights to privacy and dignity, even if they consented to do just that during a heady romantic moment. These rights trumped any commercial property rights the photographer might have claimed, the court said.

“Any sale by a person who had momentarily ‘forgotten his dignity’ had to remain effectively voidable,” Yale law professor James Whitman wrote of the ruling in a paper titled “The Two Western Cultures of Privacy: Dignity versus Liberty.” “One’s privacy, like other aspects of one’s honor, was not a market commodity that could simply be definitively sold.”

European courts and lawmakers have been wrestling with the implications of technology and privacy ever since, often coming to conclusions that are foreign to their American counterparts.

In Europe, privacy is different
Some of those rulings might seem like a panacea for Americans who believe their privacy is slowly slipping away

In many parts of Europe, for example:

• Personal information cannot be collected without consumers’ permission, and they have the right to review the data and correct inaccuracies.
• Companies that process data must register their activities with the government.
• Employers cannot read workers’ private e-mail.
• Personal information cannot be shared by companies or across borders without express permission from the data subject. 
• Checkout clerks cannot ask for shoppers’ phone numbers. 

Those rights, and many others, stem from The European Union Directive on Data Protection of 1995, which mandated that each EU nation pass a national privacy law and create a Data Protection Authority to protect citizens' privacy and investigate attacks on it.

National laws come in several flavors, and emanate from varied traditions. But taken together, they are the backbone of a basic European principle: Privacy is a human right.

In this clear declaration, Europe ventures far from the patchwork approach taken by U.S. lawmakers. But a privacy heaven, it's not.

European trust government more
With those privacy protections come other, curious laws and regulations that would fluster most Americans.

Authorities in some European countries can veto a parent's choice for their baby's name in the name of preserving dignity, for example. Government officials also often cloak themselves in dignity to limit freedom of the press and evade public scrutiny.

Most important, while companies face severe regulations limiting their use of consumers' personal information, governments are largely exempt from such limitations. While the use of credit reports is rare in Europe, wiretapping is not. In the Netherlands, for example, wiretaps are 130 times more common than in the U.S. Many Europeans carry some kind of national ID card, still unthinkable for many in the U.S. In Germany, every citizen and long-term visitor must register his or her address with the police.

The reason that privacy laws in Europe and the U.S. are so different springs from a basic divergence in attitude: Europeans reserve their deepest distrust for corporations, while Americans are far more concerned about their government invading their privacy.

As a result, U.S. federal agencies have been given little power to limit the potentially privacy-invading behaviors of private companies. The Federal Trade Commission, the agency charged with protecting U.S. citizens from such intrusions, rarely acts against U.S. firms. When it does, its remedies are generally limited to small fines and out-of-court settlements.

Each European nation, on the other hand, has its Data Protection Authority to monitor corporate behavior. Consumers can appeal to the authority, which in some countries boasts far-ranging subpoena power. Fines for misbehavior are common.