Privacy: the great EU/US debate

Searching for commonalities between two approaches to data protection
Searching for commonalities between two approaches to data protection

For either to work in a global context there needs to be transatlantic dialogue: there needs to be some commonality between the two approaches. On March 19, a high-level joint EU/US Conference on Privacy and Protection of Personal Data was hosted by the US Institute of Peace in Washington DC and held simultaneously in Brussels via video conference link. 

“This is a defining moment for global personal data protection and privacy policy and for achieving further interoperability of our systems on a high level of protection,” said a joint statement from European Commission Vice-President Viviane Reding and U.S. Secretary of Commerce John Bryson. “Both parties are committed to working together and with other international partners to create mutual recognition frameworks that protect privacy. Both parties consider that standards in the area of personal data protection should facilitate the free flow of information, goods and services across borders. Both parties recognize that while regulatory regimes may differ between the US and Europe, the common principles at the heart of both systems, now re-affirmed by the developments in the US, provide a basis for advancing their dialog to resolve shared privacy challenges.”

The comments are high on agreed targets, but low on agreed solutions. This is no surprise to many commentators who see a major and possibly insurmountable cultural difference between the two sides. “Even though the panelists went through great efforts to stress the common values and goals of the EU and U.S. policy makers,” blogged Monique Altheim, a New York-based attorney and privacy professional, “there is no denying that the European and American ‘privacy DNAs’ remain vastly different.” Her basic opinion is that ‘Americans Are from Mars, Europeans Are from Venus.’

The blogger ‘Dissent’ writing on the PogoWasRight blog puts it more succinctly. “I think that although the EU pressures the U.S. to come more into line with its laws and policies, the EU’s approach will never be satisfactory to the American mentality of ‘we have to be able to sue the shit out of people’.”

Put simply, the EU wants strict and enforceable laws while the US prefers voluntary codes policed by the FTC. European cynics believe that voluntary codes give the US administration greater freedom to apply targeted pressure to achieve changeable and sometimes contradictory ends. Americans tend to believe that privacy is a basic right that doesn’t need laws, just enforcement. Finding mutually acceptable common ground beyond the existing Safe Harbor agreement is going to be very difficult.

What’s hot on Infosecurity Magazine?