The following exchange occurred during a conversation between a representative of a U.S. technology company and a European data protection authority (DPA):
Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!
DPA: It is your technology that has to adapt to our legal system, not the other way around!
The question of whether legal requirements should determine how technology and business models are structured, or whether the law should bend to technological and business imperatives, is at the root of the many of the differences between the EU and U.S. approaches to data privacy. And the differing status of privacy as a constitutional or human right underlies how this question is dealt with in the two systems.