There’s an interesting recent article in the NY Times about the contrasting approaches between U.S. and E.U. privacy law. From the article:
So far, American companies including financial services giants like Bank of America, Citigroup and MasterCard, and national retailers like DSW shoes and Ralph Lauren Polo, have announced data compromises. All told, the personal information of more than 50 million consumers has been lost, stolen and even sold to thieves.
Why is this happening here, and not, say, in Britain, Germany or France? One reason may be that every other Western country has a comprehensive set of national privacy laws and an office of data protection, led by a privacy commissioner.
The United States, by contrast, has a patchwork of state and federal laws and agencies responsible for data protection.
I agree with this observation. The U.S. system of privacy law is riddled with gaps and holes, and it needs considerable fixing.
The article goes on to discuss more generalizations of the E.U. vs. U.S. approach to privacy. One of the common generalizations between the E.U. and U.S. is that the E.U. is more willing to regulate personal information use by businesses rather than by the goverment, and vice versa for the U.S.
For example, the article notes:
In general, Americans are far more comfortable than Europeans with business handling their information, and far more skeptical of putting it in government hands. The tradition of making government records – like tax records, mortgage information and census data – easily accessible to the public is uniquely American.
This generalization strikes me as generally true, but consider what the article says later:
Restrictions on the commercial use of private data has also meant that data-mining interest groups never became entrenched in Europe.
This, too, has philosophical and historical roots. European data protection policies emerged in the early 1970’s, when the German state of Hesse enacted the first set of data privacy laws.
“This was still a generation with memory of World War II that knew how Nazis and fascists would use personal information against their enemies,” said Evan Hendricks, the editor of Privacy Times, an advocacy newsletter. “If you were going to protect liberty, you had to ensure there was fairness in the protection of information.”
If Germany and other E.U. countries are concerned about prior experiences with totalitarian governments using personal information, why are Americans “far more skeptical of putting it in government hands”? This question has always puzzled me. One would think that given the E.U.’s experiences last century, there would be a very strong skepticism of government uses of personal information. If the generalizations are correct, why aren’t people in E.U. countries more skeptical of government uses of personal data?
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.