Thursday, August 11, 2005
Privacy Law in the U.S. v. E.U.
There's an interesting recent article in the NY Times about the contrasting approaches between U.S. and E.U. privacy law. From the article:
So far, American companies including financial services giants like Bank of America, Citigroup and MasterCard, and national retailers like DSW shoes and Ralph Lauren Polo, have announced data compromises. All told, the personal information of more than 50 million consumers has been lost, stolen and even sold to thieves.
Why is this happening here, and not, say, in Britain, Germany or France? One reason may be that every other Western country has a comprehensive set of national privacy laws and an office of data protection, led by a privacy commissioner.
The United States, by contrast, has a patchwork of state and federal laws and agencies responsible for data protection.
I agree with this observation. The U.S. system of privacy law is riddled with gaps and holes, and it needs considerable fixing.
The article goes on to discuss more generalizations of the E.U. vs. U.S. approach to privacy. One of the common generalizations between the E.U. and U.S. is that the E.U. is more willing to regulate personal information use by businesses rather than by the goverment, and vice versa for the U.S.
For example, the article notes:
In general, Americans are far more comfortable than Europeans with business handling their information, and far more skeptical of putting it in government hands. The tradition of making government records - like tax records, mortgage information and census data - easily accessible to the public is uniquely American.
This generalization strikes me as generally true, but consider what the article says later:
Restrictions on the commercial use of private data has also meant that data-mining interest groups never became entrenched in Europe.
This, too, has philosophical and historical roots. European data protection policies emerged in the early 1970's, when the German state of Hesse enacted the first set of data privacy laws.
"This was still a generation with memory of World War II that knew how Nazis and fascists would use personal information against their enemies," said Evan Hendricks, the editor of Privacy Times, an advocacy newsletter. "If you were going to protect liberty, you had to ensure there was fairness in the protection of information."
If Germany and other E.U. countries are concerned about prior experiences with totalitarian governments using personal information, why are Americans "far more skeptical of putting it in government hands"? This question has always puzzled me. One would think that given the E.U.'s experiences last century, there would be a very strong skepticism of government uses of personal information. If the generalizations are correct, why aren't people in E.U. countries more skeptical of government uses of personal data?
TrackBack URL for this entry:
Listed below are links to weblogs that reference Privacy Law in the U.S. v. E.U. :
I think the answer might be quite simple: Americans are much more trusting of business than Europeans. Obviously, our stronger tradition of federalism plays a part as well.
Posted by: Jeff V. | Aug 11, 2005 7:44:55 PM
I certainly agree that Americans have a much more laissez faire attitude toward business than Europeans do. But I'm curious why the European experience last century with the horrors of totalitarianism didn't lead Europeans to adopt a deeply skeptical attitude toward government information gathering and law enforcement.
Posted by: Daniel Solove | Aug 11, 2005 7:52:26 PM
Dan, I don't know the answer to your question, but I was intrigued by Chris Hoofnagle's quote: "If you ask someone from another country, they will resist . . . . Ask a French person their phone number, and they will ask you why. Americans don't ask why at all." I think this might explain more than the difference in laws; my impression is that European privacy laws, while stricter in theory, are not more actively enforced than US laws.
Posted by: Bruce | Aug 12, 2005 12:34:51 AM
I think that the mandatory disclosure laws (Ca 1386 and its descendants) also play a major part, and such laws in Europe and Canada might be very revealing about the effectiveness of those laws.
Posted by: Adam Shostack | Aug 12, 2005 2:12:15 PM
Hey Dan! I've never quite understood the generalization that Americans don't mind commercial collection of info, but are troubled by the government databases. I think it is more of a reflection of lobbying power than what Americans believe. In some polls, such as this April 2001 study by the First Amendment Center and ASNE, respondents reported that they distrusted the private sector just as much as the public. Here's my summary on EPIC.org:
The ASNE/FAC study showed that individuals feared both commercial-sector and government invasions of privacy. 51% were "very concerned" and 30% were "somewhat concerned" that a company might violate their personal privacy. 50% were "very concerned" and 30% were "somewhat" concerned that government might violate their personal privacy.
19% were aware that a private company had misused their personal information.
7% were aware that the government had misused their personal information.
52% reported that they had "very little" or "no confidence at all" that private companies use personal information exactly the way they said they would.
40% reported that they had "very little" or "no confidence at all" that the government uses personal information exactly the way they said they would.
86% were concerned about private companies selling their personal information.
86% were concerned about the government selling their personal information.
70% had refused to give information to a company because it was too personal.
62% had asked to have their name removed from marketing lists.
71% believe that is acceptable for privacy laws to hinder marketers in their attempts to reach customers.
Posted by: Chris Hoofnagle | Aug 14, 2005 11:34:21 PM
The comments to this entry are closed.