PDP - Expert Comment On Data Security

The European Union regards the United States as being 'inadequate' when it comes to data protection. Europeans have tended to take this at face value and presume that there must be a good reason why the European Commission has come to such a radical conclusion. Americans, naturally enough, tend to take unkindly to being told they are inadequate, particularly when it implies that their democracy has failed to protect a fundamental right, like the right to privacy. So who is right?

Contrasting perspectives

There is relatively little probing debate about the legitimacy of the EU's view of US data protection laws. Instead, the high level debate in the EU tends to comprise fairly generic references to the United States not having a 'culture' of privacy, the bemoaning of any US federal data protection laws and an underlying suspicion that the US Patriot Act and other US security and anti-terror legislation is being used in a manner that tramples on the privacy rights of any person who has their data processed on a US server.

For its part, the US perspective often focuses on the existence of sector-specific privacy laws in the US, the vagueness of the EU data protection principles and their practical impact on the free movement of data (and therefore on innovation and commerce). US multinationals also point to the fragmented approach to the interpretation and enforcement of the existing EU Data Protection Directive across the EU's 27 Member States.

The contrast in the views of the two sides were captured succinctly in a recent New York Times article which featured the following quote from Cameron F. Kerry, General Counsel of the US Commerce Department:

"The sum of the parts of US privacy protection is equal to or greater than the single whole of Europe."

The next paragraph of the same article contained a quote from Peter Hustinx, the EU Data Protection Supervisor:

"Yes, we share the basic idea of privacy. But there is a huge deficit on the US side".

Trade implications

The underlying distrust between the two sides manifests itself regularly, for example in the case of the transfer of passenger name records to the US from European airlines, Google's ability to change its privacy policy on a global basis and, most recently, in the debate about the proposed EU Data Protection Regulation. On a broader economic level, the differences between EU and US privacy laws are being quoted as one of the major stumbling blocks to the current EU-US negotiations on...