Bridging the EU-U.S. Privacy Gap
Privacy has always been a difficult concept to define, and privacy issues are complex.
For Europeans, privacy is a human right, while for Americans, privacy tends to be about liberty. It’s often thought that the Holocaust and the rise of totalitarianism in 20th-century Europe have been the catalysts behind the region’s strong privacy and data protection regimes.
A recent book by Edwin Black, in detailed research, examines Nazi Germany’s use of the computer’s forebear to aid in systematic genocide. These Hollerith machines and punch cards helped the Third Reich organize and carry out the atrocities of the Holocaust. And in post-war Europe, the widespread use of surveillance and coercion informed and empowered the Stasi, the KGB and other totalitarian enforcers.
But is that the real reason the U.S. and Europe have such seemingly differing cultural constructions of privacy?
My interest was piqued when I heard from U.S. Department of Commerce General Counsel Cameron Kerry. He has been instrumental in anchoring talks with the EU on privacy codes of conduct and global interoperability. He pointed out that Europe tends to be stricter with businesses concerning data protection than the U.S., while, conversely, the U.S. tends to be stricter with government agencies concerning privacy.
If the current European framework reflected recent history, the tables should be turned, right?
James Q. Whitman, in an article for Yale Law School, offers an alternative analysis. The European approach, he argues, has developed from the idea of human dignity, stretching far back to the 17th and 18th centuries, long before the Second World War and the rise of totalitarianism. He writes, “The core continental privacy rights are rights to one’s image, name and reputation.” America, Whitman contends, “is much more oriented toward values of liberty, and especially liberty over (and) against the state.”
The recent research of Dierdre Mulligan and Kenneth Bamberger also supplies interesting fodder for such a discussion. In one example, their research shows that current German data protection officers and their American counterparts are surprisingly similar in their “on-the-ground” approach to private-sector data protection—even though U.S. and German regulatory structures are constructed differently.
So why similar privacy practices under such different legal regimes?
It would seem that one connecting principle is the hard work of privacy pros on both sides of the Atlantic. They are the ones committed to the day-to-day problem-solving, educating and consensus-building in their organizations. Perhaps our lawmakers need to listen more readily to privacy professionals in order to craft more sensible privacy legislation.
Though Europeans and Americans (not to mention other citizens across the globe) may have different conceptions of what privacy means, it seems clear that those working “on the ground” in the privacy profession could help bridge that gap.
Note from the Editor:
Kenneth Bamberger will discuss his "privacy on the ground" research in the breakout session Dubunking Myths of European and U.S. Privacy: New Data on Corporate Privacy Management at the IAPP Data Protection Intensive, April 23-25 in London, UK.
About the Author
J. Trevor Hughes is the President and CEO of the International Association of Privacy Professionals (IAPP), the world’s largest association of privacy professionals.
Hughes is an experienced attorney in privacy, technology and marketing law. He has provided testimony on privacy issues before several committees within the U.S. Congress, British Parliament and EU Parliament.
Hughes previously served as the executive director of the Network Advertising Initiative and the Email Sender and Provider Coalition. He is an adjunct professor of law at the University of Maine School of Law and frequently speaks about privacy issues at conferences around the world.