Opinion

The Transatlantic Divide Over Data Privacy Rights

The following exchange occurred during a conversation between a representative of a U.S. technology company and a European data protection authority (DPA):

Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!

DPA: It is your technology that has to adapt to our legal system, not the other way around!

The question of whether legal requirements should determine how technology and business models are structured, or whether the law should bend to technological and business imperatives, is at the root of many of the differences between the EU and U.S. approaches to data privacy. And the differing status of privacy as a constitutional or human right underlies how this question is dealt with in the two systems.

There are major differences in how the two systems protect data privacy at a constitutional or human rights level. The U.S. Constitution does not mention the term “privacy”, but the Fourth Amendment protects against unreasonable searches and seizures by the government, and the U.S. Supreme Court has construed other constitutional provisions—such as the Due Process Clause of the Fourteenth Amendment—to create privacy rights in certain circumstances.

Data protection and privacy rights are explicitly recognized in the treaties that form the constitutional basis of the EU. In addition, they are protected as fundamental rights in the constitutions of various EU member states and by rulings of the highest European and member state courts.

The U.S. system protects constitutional rights only against government action, whereas in the EU the state has a duty to protect the privacy of individuals against violations by nongovernmental actors as well.

Privacy is generally protected in the U.S. as a “negative” right that obliges the government to refrain from taking actions that would violate constitutional rights; by contrast, in the EU, the state also has a constitutional obligation to affirmatively protect privacy rights.

In the U.S., by definition, a constitutional right is only protected if it can be found to derive from the U.S. Constitution. However, in the EU, human or fundamental rights—including data privacy—constitute so-called “general principles of law” that apply mandatorily even if they do not directly derive from a specific constitutional source.

These differences lead to transatlantic tensions. Americans often seek to treat data protection as a trade issue, while in the EU its status as a fundamental right means that it cannot be dealt with solely as a commercial matter—which will inevitably put the two sides on a collision course during the forthcoming negotiation of the EU-U.S. Free Trade Agreement.

The constant reference in U.S. parlance to persons as “consumers” also grates on European sensitivities, which regard human beings as individuals with inalienable rights rather than merely as participants in the marketplace.

For their part, Europeans are often ignorant of the long tradition under U.S. law of protecting privacy against government intrusion. An eminent European academic has remarked to me that U.S. law has protections against governmental intrusion on privacy that the EU should envy.

Even the most respected legal commentators have sometimes been misled by differences in the EU and U.S. constitutional systems for privacy protection. For example, in his seminal 2004 article in the Yale Law Journal, Prof. James Q. Whitman argues that privacy protection in the EU is based on the protection of personal dignity—as in the sense of one’s personal honour—whereas actually its basis is the constitutional concept of human dignity—which requires respect for a person’s individual worth as a human being.

Insufficient attention has been devoted to resolving transatlantic misunderstandings over the status of privacy and data protection as a human right. For example, why do the EU and U.S. agencies negotiating data privacy matters not establish an ongoing initiative to help them better understand the basic constitutional concepts on which each other’s systems of privacy rights are based?

All this suggests that the EU and the U.S. will have to invest much more effort to increase mutual understanding of their differing systems for the protection of constitutional rights if there is to be a transatlantic accommodation on data privacy.

photo credit: Mr. T in DC via photopin cc

About the Author

Christopher Kuner is Senior of Counsel in the Brussels office of Wilson, Sonsini, Goodrich & Rosati and is Honorary Fellow of the Centre for European Legal Studies, University of Cambridge, where he also teaches. His books European Data Protection Law: Corporate Compliance and Regulation (2007) and Transborder Data Flows and Data Privacy Law (2013) are both published by Oxford University Press. He is editor-in-chief of the journal International Data Privacy Law and co-chair of the Task Force on Privacy and Data Protection of the International Chamber of Commerce and has 20 years’ experience working in EU data protection law. He holds a PhD in data protection law from Tilburg University (the Netherlands), and law degrees from New York University and Notre Dame Law School.

Comments

  • May 20, 2013
    Cindy Compert
    replied:

    Well written- clear and concise.

  • May 23, 2013
    Caspar Bowden
    replied:

    Hi Chris

    why do you mention the Fourth Amendment? It’s an irrelevance for Europeans located in Europe worried about what happens to their data under US jurisdiction. See the debate last year in House Judiciary Ctee on FISAAA 1881a - even EPIC and ACLU did not attempt to argue the 4th protects “foreigners in foreign lands”.

    Isn’t it a rhetorical fallacy to say that because US had good protections for US persons inside the US, better in some cases than European law for Europeans in Europe, that this should offer any reassurance to Europeans about what can happen to their data when it is sent to the US?

  • June 13, 2013
    Mike Anderson
    replied:

    Hi Chris,
    In the light of the third-party doctrine, together with the recent controversial events relating to the PRISM and other US secret surveillance programs I think it is time to bury the idea that there is any significant privacy protection in the US.

    However I think you are spot on in highlighting the transatlantic divide with respect to privacy being a fundamental human right, worthy of protection against both states and commercial interest, versus a commodity.
    It goes far beyond the concept of the “worth” of a human being and shakes the very foundation of a free and democratic society when we accept that the “worth” of an individual is to be equated with their financial worth as a consumer.

    The German Constitutional Court based its milestone judgement in a significant part on the fact that intrusion into the private sphere has a chilling effect on freedom of thought, freedom of speech and the free participation in society. These are the fundamental freedoms that are now under attack for some time.

    I find it appalling to what extent the US judicial system is prepared to play word-games to “legitimize” massive abuse of fundamental rights in the interests of “the State” and “Law Enforcement” and essentially to collaborate with political/economic interests to PREVENT the exposure of state abuses of power and surveillance technology by raising the barrier of “standing” in order to prevent the veil of secrecy being penetrated and the truly shocking clandestine surveillance being exposed to the light of day.

    In the EU it is an open secret that the flow of information from US Surveillance agencies to US Industry is very much a two way street. Airbus learned about this and a previous head of the NSA openly defended industrial espionage using Echelon Data.

    What PRISM has achieved is the destruction of trust and credibility of both the US Administrations and commercial organization as a basis for transatlantic collaboration and trade. This is a high price to pay.

    I wonder what the world would look like today if the SS and Gestapo had been able to access 21st-century surveillance technology.

    Given the existence of mega-databases such as we have today, whether this is a good or a danger to freedom depends entirely on the questions being asked and the robustness of protection of fundamental human rights.

  • June 19, 2013
    Christopher Kuner
    replied:

    Thanks to those who commented on my post. Yes, the recent PRISM revelations have certainly put these issues in a new light. regards Christopher Kuner
