It is not often that a law governing privacy of personal information stimulates international controversy, but that is what has happened with the European Union's proposed data protection law. The regulation, which was announced with fanfare in January 2012, would further increase the already strict restrictions on the collection and use of personal data in the E.U. through a uniform law applying to all twenty-seven EU member states
The law would also give Europeans a “right to be forgotten” which would allow them to request erasure of personal data, even if the data is in the hands of a third party. As E.U. Justice Commissioner Viviane Reding has stated, the right to be forgotten is designed to give Europeans greater control over their own data so as to avoid the “huge impact” that “even tiny scraps of personal information,” such as postings on social networking sites, may have on personal privacy.
A recent proposed amendment to the regulation from the European Parliament Committee on Civil Liberties, Justice and Home Affairs, headed by German Green Party Member Jan Albrecht, would further tighten consumer control over personal data. Under Albrecht's proposal, companies would not be allowed to rely on consumer consent to use data if they were in a “dominant market position with respect to the products or services offered.”
The Albrecht report would also prohibit the use or sale of personal data for purposes such as online advertising based on consumer preferences and behavior without explicit consent of the individual concerned. The amendments, which would extend to many U.S. based Internet companies, could cut off such familiar practices as targeting advertisements based on individual browsing histories.
The proposed European privacy regulation is starkly different from U.S. privacy laws. Unlike Europe, the U.S. has no comprehensive privacy law governing collection and processing of personal data. The U.S. instead has laws governing certain types of personal information, such as health care or financial data, or particular segments of society, such as children under thirteen.
Although the Obama administration in 2012 proposed a Consumer Privacy Bill of Rights that would provide baseline privacy protections for the online world, the proposal has yet to be embodied in legislation and may face an uphill battle in Washington. There is also considerable resistance to European-style privacy legislation in the U.S. on the grounds that it is overly prescriptive and hampers innovation.
It is thus not surprising that U.S. technology and software companies have been among the chief critics of the E.U. proposal. For example, the Industry Coalition for Data Protection, which represents the interests of leading business organizations in Europe, charged that amendments proposed by the Albrecht committee would undermine “innovation and entrepreneurship in Europe.”
Facebook's head of E.U. policy, Erika Mann, similarly criticized the report as contrary to “a flourishing European digital single market and the reality of innovation on the Internet—which is inescapably global in nature.”
The Obama Administration has also weighed in on the proposed E.U. regulation, expressing concern that the law would erect barriers to the free flow of information between the U.S. and E.U. Speaking at a conference celebrating European Data Protection day in Berlin on January 28, 2013, a U.S. embassy official stated that the European Union's proposed regulation, including the “right to be forgotten,” could potentially kindle a trade war between Europe and the United States by hampering the free flow of billions of Euros worth of data.
ACLU supports Europe's approach
The proposed European regulation does have its supporters, including U.S. consumer and civil liberties organizations, such as the American Civil Liberties Union. In a February 4, 2013 letter to the U.S. Attorney General and other officials, a coalition of these groups stated that “Europeans and Americans have very similar concerns about the need for privacy protection” and urged that privacy laws in both the U.S. and Europe be updated to increase consumers’ rights.
There is also some evidence to support the view that U.S. consumer attitudes are not that different from those of their European counterparts in regard to privacy. A recent study by the global analyst firm Ovum indicates that 77 percent of U.S. Internet users would choose a “do-not-track” option when using a search engine to inhibit targeting based on personal information, as compared to 81 percent of French, 71 percent of United Kingdom, and 69 percent of German Internet users.
Consumer attitudes do not translate into action, particularly where consumers obtain free services in return for providing personal information to Internet companies. But these attitudes indicate that the debate over the advisability of European style privacy laws will continue to play out not only in the E.U., but in this country.