“You Just Don’t Understand”: The Current EU–U.S. Privacy Battles

For someone who has received his legal education in both the EU and the U.S., and has long worked in both worlds, the current political skirmishes between the two concerning the proposed EU data protection reform have been both entertaining and disappointing. Entertaining, since observing the two largest political and economic entities in Western world engage in a game of one-upmanship over which has the best system for privacy and data protection can often be amusing. Disappointing, because it is obvious that each side has an imperfect understanding of each other’s system, and because the energy they have been putting into such tit-for-tat battles could be better spent trying to reach an accommodation between them.

Among the highlights of these battles reported in the press have been a statement by a European NGO that the lobbying over the reform is the most intense ever seen in Brussels or even Washington and a veiled threat by a U.S. government representative that the reform could lead to a trade war. One wonders under what metric anyone could compare the intensity of current lobbying with other controversial legislative initiatives in Brussels and Washington over the past few decades, and what constructive purpose is served by threatening a trade war at the time of the greatest economic crisis since World War II.

The root of these problems is that, despite statements by the EU and the U.S. about how much they want to work together, neither of them actually understands the other’s system of privacy and data protection. The EU system is based on fundamental rights protections and civil law concepts that are profoundly different from those under U.S. law (which does not provide any constitutional protections to data processing by the private sector), and suffers from a lack of harmonization among 27 member state laws and numerous EU legal instruments.

With regard to the U.S. system, as Prof. Daniel Solove put it, “U.S. privacy law is so muddled that it can’t provide clear answers about how most types of data are protected.” Prof. Fred Cate has recently described the U.S. Supreme Court’s privacy jurisprudence as “confused and disjointed”. If U.S. experts can’t make sense of their own privacy law, how are Europeans expected to do so?

All this has led to a mutual blame game that has not covered either side in glory.

EU officials have expressed “shock” at the level of U.S. lobbying surrounding the data protection reform, as if intense lobbying has not been an accepted part of the legislative game in Brussels since time immemorial (and why shouldn’t governments and companies from outside the EU make their views known, since the reform will have a profound effect on them?).

For their part, the U.S. government and U.S. companies seem to assume that the more pressure they put on European policymakers the better, perhaps because this is what is expected in Washington. In fact, the best way to affect the legislative debate in Brussels is through carefully-crafted proposals based on compelling arguments under EU law, not a blunderbuss approach that rails against threats to U.S. business models and is ultimately counterproductive (if the final texts of the data protection reform package are not to their liking, U.S. parties will have themselves partially to blame).

The tragedy of all this is that, despite profound differences, the EU and the U.S. really do have much in common when it comes to a desire to protect personal data and privacy, and face common threats from ascendant powers (e.g. China) in this regard. If the two were willing to tone down their rhetoric and try to understand in a more thoughtful way the similarities and differences of how their two legal systems protect personal data, they might discover that working together to protect privacy was easier than they thought.

Having become increasingly cynical over the last 20 years about the ability of the two sides of the transatlantic data privacy debate to engage in a constructive dialogue, I do not expect this to happen any time soon, but I would be happy to be proved wrong.

More from Christopher Kuner

About the Author

Christopher Kuner is Senior of Counsel in the Brussels office of Wilson, Sonsini, Goodrich & Rosati and is Honorary Fellow of the Centre for European Legal Studies, University of Cambridge, where he also teaches. His books European Data Protection Law: Corporate Compliance and Regulation (2007) and Transborder Data Flows and Data Privacy Law (2013) are both published by Oxford University Press. He is editor-in-chief of the journal International Data Privacy Law and co-chair of the Task Force on Privacy and Data Protection of the International Chamber of Commerce and has 20 years’ experience working in EU data protection law. He holds a PhD in data protection law from Tilburg University (the Netherlands), and law degrees from New York University and Notre Dame Law School.

See all posts by Christopher Kuner


  • March 03, 2013

    You miss a fundamental point: US interests are fence sitters, this is our European democracy where we set the rules of the market and we govern us. Unfortunately the US corporations don’t get that they are not part of the European constituency and not invited to meddle with our legal rules and principles.

    Europe suffered from the large financial crisis because of defunct Washington financial market regulation. You may call it a working privacy regulation in the US, fine, we don’t and if you want to trade with us abide by our standards and respect our jurisdiction. We are not convinced by an American softy law approach and we don’t want to become the US bad bank anymore because US politicians lack the guts to enforce adequate banking rules and privacy protection.

    Actually it is very simple, when you lobby to weaken privacy protection for the sake of commercial interests that is a hostile act against the rights of our citizens we aim to protect and enforce.

  • April 03, 2013
    Brock Rutter

    Although I don’t have 20+ years of experience as does Prof. Kuner, isn’t the current level of privacy protection in the United States in constant danger of dissipating? For example, a rethinking of what is “unfair” or “deceptive” at the FTC - perhaps brought about by a change in the Commission’s membership or changing political tides in Washington - could cause an overnight evaporation of privacy enforcement (could it not?) Isn’t Europe’s hard-wired protection afforded by hard-to-change directives (and soon a regulation) and enforced by independent DPAs built more built to last?

To post your comment, please enter the word you see in the image below:

To post your comment, please enter the word you see in the image below:

Get your free study guide now!
Get your free study guide now!