There are narrow laws that protect dignity in the U.S., such as the Video Privacy Protection Act, quickly passed in 1988 after a newspaper published the video rental records of Judge Robert Bork during his heated Supreme Court nomination hearings.

And often state legislatures have been aggressive in passing legislation protecting personal information.

Story continues below ↓

California’s 2003 data breach notification law, which requires companies to tell consumers when there personal information has been lost or stolen, and similar laws subsequently enacted in other states are directly responsible for the public disclosure of dozens of data leaks and about 90 million consumer notifications.

To George Washington University professor Daniel Solove, that distinction is really the greatest difference between the privacy approaches in Europe and the U.S.

“U.S. law has arisen haphazardly, in reactive fashion,” Solove said. “The U.S. system is more fractured than other countries, so it’s harder to pass broad, all-encompassing legislation. There are so many industries with well-paid lobbyists ready to pounce, the minute you propose anything of any breadth you are inundated with whiny companies that come in and shout ‘Not me. not me.’ … It’s easier to do something pretty narrow and go after the ‘now’ problem and limit the amount of companies that are angry at you.”

It’s really 26 EU nations vs. 50 states
Talk of “European privacy law” also is a generalization. The European Privacy Directive is a guideline for EU nations, but each has its own national law and an agency that interprets that law. There are major variations from country to country, says Ashley Winton, an international privacy law expert in White & Case law firm’s London office.

“The directive talks about obtaining explicit consent from data subjects (before data is shared),” he said. “In Germany, they are very strict about what that means. They want a little bit of paper with real ink on it.” Other nations accept far simpler methods for consent, he said.

Winton’s White & Case counterpart in New York, international privacy lawyer David Bender, is skeptical of the EU approach, which he says hamstrings companies trying to do business in Europe with unmanageable red tape.

For example, can a U.S.-based cell phone user traveling in Europe talk to a customer service agent there without first giving written permission for a case to be entered in a database?

The regulations governing the passage of information from Europe to the U.S. are often so strict that many companies largely ignore them.

“In all my years of practice I have never heard clients come in and say, ‘OK, what do I have to do to be 70 percent compliant?’ I hear that now,” he said.

The bigger question, Bender argues, is whether the additional protections and regulations result in Europeans enjoying more privacy than Americans.

The answer is “no,” he said, pointing to a study this year by the Ponemon Institute that was commissioned by White & Case. The study found that U.S.-based multinational firms scored higher than their European counterparts on five of eight common privacy practices, including having a dedicated privacy officer and better computer data security.

Privacy law: Not the product of logic
Other privacy experts are skeptical of such measurements. After all, if privacy as a concept is hard to define, quantifying levels of privacy seems almost impossible.

“How do you assess whether there is a greater privacy protection or not (in Europe),” Solove said. “To what extent do people have rights? It’s hard to measure.”

Some U.S. privacy experts are less bashful in their support of Europe’s legal privacy framework. Marc Rotenberg at the Electronic Privacy Information Center and other privacy advocates regularly call for adoption of similar comprehensive U.S. privacy laws, including the right to challenge the accuracy of personal information companies hold.

But given the difficulty Congress has had passing any privacy-related legislation, it’s hard to imagine it will opt for an “all for one, one for all” approach with Europe any time soon.

Earlier this year, after it was reported that a blogger purchased presidential candidate Gen. Wesley Clarke’s cell phone records online for about $100, lawmakers churned out outraged press releases, held nearly a dozen hearings, convened an investigative panel and introduced several bills aimed at restricting the practice. None has been adopted.

While the debate was going on, investigators working for Hewlett-Packard were lying about their identities to obtain reporters’ phone records. And when that news finally broke, there were more hearings and extensive debate over whether or not the act of lying to get phone records was illegal. Again no action was taken.

As a result of such reluctance, people on both sides of the Atlantic are likely to live with two very different privacy regimes for some time. But perhaps that’s not surprising, given the disparate foundations from which they spring.

"Privacy law is not the product of logic,” Whitman reminds readers. “Nor for that matter is it the product of experience. It is the product of local social anxieties and local ideals.

“In the United States those anxieties and ideals focus principally on the police and other officials, and around the ambition to secure the blessings of liberty; while on the continent they focus on the ambition to guarantee everyone’s position in society, to guarantee everyone’s honor.”

READ PART 4

Where the rubber meets the road in the privacy debate

< Prev | 1 | 2 | 3

Discuss Story On Newsvine
Rate Story:
View popularLowHigh
Email
Instant Message
Print