Europeans have more protection from intrusive commerce than we do here in the United States. If you lived in Europe, you could discover what businesses know about you. You could block marketers from filling your mailbox with junk, and stop
them from selling your name to other companies. However, Europeans generally have limited privacy protection from their own governments.
IN 1995, the European Union enacted a measure that requires all member countries to craft comprehensive privacy laws. E.U. official Sue Binns, a liaison to the U.S. government on privacy issues, says the European Union Privacy Directive is designed to ensure Italians have the same rights as the French. Binns says some E.U. countries with histories of repressive governments had inadequate privacy protection, and the playing field needed to be leveled.
Many Europeans and Americans believe they should be mostly free of business and government snooping. But the laws are very different. U.S. privacy laws are narrower and address specific concerns, such as medical records. The sweeping E.U. Privacy Directive allows Europeans to protect their personal data from any industry that would like to exploit it. And each country has an independent, powerful privacy czar to enforce the laws. Peter Swire is chief advisor to the White House on privacy policy.
Say you subscribe to Sports Illustrated. The magazine can sell your name and everything it knows about you to a buyer of its choosing. In Europe, Sports Illustrated would have to notify its subscribers of its intentions, and customers have the right to opt out.
Any data that can be linked to a specific person is covered. Areas most likely to be affected are human resources, accounting, Web commerce, European database info, and auditing data.
You can only use information for the original purpose for which it was collected unless you get the permission of the person or people involved.
People must have notice that information about them is being collected and have the ability to object to its use.
People must be allowed to correct erroneous information about them.
You can't shelter information in "data havens," which are usually offshore places where data is collected and used in violation of stronger protections.
European privacy law in some ways is the flip side of that of the United States. American law offers more protection from government intrusion. For example, one law prevents government agencies from sharing personal data with each other. Americans tend to put more trust in how private interests use information, and favor giving companies a chance to regulate themselves.
The E.U. Directive places more trust in government, less in commerce. Europeans are likely to think the idea of industry self-regulation is laughable, that government has to keep it honest.
Why is European privacy law so different? For one, it reflects the E.U.'s penchant for sweeping, all-inclusive laws. Jane Kirtley, professor of journalism at the University of Minnesota and an expert on privacy issues says Europeans are less likely to worry about Big Brother.
Joel Reidenberg of Fordham University says the E.U. Directive is having an effect on this side of the Atlantic.
Business interests in the U.S. have worried the E.U. Directive could wreak havoc with electronic commerce, because it bars companies doing business in Europe from transmitting personal data to countries that don't guarantee comparable privacy protection, like the U.S. Officials from the E.U. and
the U.S. Commerce Department say they will likely reach a compromise that will protect both American businesses with European customers, and the privacy of those European consumers.
Binns: There are a number of member states in the European Union which have had non-democratic governments in living memory. East Germany is now part of the whole of Germany. The Greeks, the Spaniards, the Portuguese have all had regimes in living memory that have not respected the rule of law and have been dictatorial rather than democratic.
Read more about the European Privacy Directive from Peter Swire, chief advisor to the White House on privacy policy.
Swire: In Europe, privacy is seen as a human right. Your individual data is protected by human rights. In the United States, there's often the legal treatment of the data as it belongs to the company. If you do a transaction with the company, the company uses that information for its next transaction, it sells the information to who it wants to.
Many privacy advocates in the U.S. say it's time to use the European model here. Joel Reidenberg is a law professor at Fordham University in New York City.
Highlights of the EU directive:
Reidenberg: In the United States today, citizens have very little protection against information trafficking, and it is occurring in both alarming and outrageous fashions. You can buy lists of people with particular medical ailments. I can buy lists of nursery school children organized by their parents' religions. I mean it's just astounding what kind of information is for sale in the United States, that citizens have no legal right to stop. That's not the situation in Europe because of their data privacy laws.
Kirtley: It's the difference between being suspicious of government and believing that government is the answer to all ills, and frankly, my own view is that the American idea is to say, with a raised eyebrow, "Why do you want this power, government, and what is it that you intend to do with it?" And you're asking me to believe that. I'm skeptical about that.
Reidenberg: The existence of the directive, I think, has had a major influence on the privacy debate in the U.S. It has woken up, in many ways, large U.S. companies that are operating globally to the need to have effective privacy protection.