Which Regime Offers More Actual Privacy -- US or EU?

Which Regime Offers More Actual Privacy -- US or EU?

 by David Bender


Introduction. For decades the conventional wisdom has been that actual privacy levels are higher in the EU than in the US, a proposition that many, even in the US, seem to accept as Gospel. This bit of conventional wisdom bears scrutiny.

The EU adopted a Data Protection Directive (the "Directive") in 1995, and each EU Member State dutifully created a governmental data protection entity (a "DPA") and, more or less, attempted to induce compliance. The EU has introduced a draft Regulation intended to replace that Directive. And one branch of EU government resoundingly passed a resolution calling for termination of the EU-US Safe Harbor program. Thousands of US companies have been importing personal information from the EU under Safe Harbor since 2000.

Moreover, the EU way of handling privacy -- an omnibus law implemented and enforced by enterprising DPAs -- seems to be making headway internationally as a model. But is it the only privacy model – or even the best? Few bother to raise this question as the EU privacy model slowly creeps its way around the world. But a critical tacit -- and possibly vulnerable -- assumption underlies the growing consensus that the EU privacy regime is the way to go: the assumption that it generates greater actual privacy levels than alternatives. To pose the issue differently, where the rubber meets the road, does this system of omnibus laws and DPAs translate into greater actual privacy than do other systems?

On the DefensiveFor the past two decades, when it comes to privacy vis-à-vis the EU, the United States has found itself on the defensive. This resulted largely from passive general acceptance of three contentions that have taken on the aura of essential truths:

•   "Omnibus" privacy laws are superior to "sectoral" laws.
•   Aside from reliance on sectoral laws, US privacy law is "inadequate".
•   And more recently, US intelligence surveillance that vacuums up great quantities of information is unique, and uncontrolled by law.

Many in the US believe that US privacy law requires some revision to protect against overly zealous corporate and governmental collection and processing of personal information. But does that conflate to the conventional wisdom that actual privacy levels are higher in the EU? Perhaps it is time to assess objectively the accuracy of these three contentions, and whether that bit of conventional wisdom may miss the mark. [footnote omitted]

Access the full version of this article with your lexis.com ID. Additional fees may be incurred.

If you do not have a lexis.com ID, you can purchase this commentary and additional Emerging Issues Commentaries from the LexisNexis Store.

Lexis.com subscribers can access the complete set of Emerging Issues Analyses for Copyright & Trademark Law and the Copyright & Trademark Area of Law pages.

For more information about LexisNexis products and solutions, please connect with us through our corporate site.

David Bender is the author of Bender on Privacy and Data Protection (LexisNexis Matthew Bender), published in 2011 and updated annually, and of Computer Law (LexisNexis Matthew Bender), initially published in 1978 and now a six volume set updated twice annually. He is an Adjunct Professor at the University of Houston Law Center, where he teaches Privacy Law, and a sole practitioner in Dobbs Ferry, NY, with extensive experience in privacy, information technology, and intellectual property litigation, counseling, and transactional matters. He was a founder of the IP practice at White & Case LLP, where he spent the majority of his career, and was head of the firm's privacy practice, which he also helped found. Mr. Bender previously served in-house at AT&T, where he was responsible for all IP litigation brought by or against any Bell System company. Before his service at AT&T, he was engaged extensively in antitrust litigation. He is a past president of the International Technology Law Association (formerly called Computer Law Association). Mr. Bender has made over 250 presentations at conferences sponsored by numerous organizations such as PLI, bar associations, and law schools on various topics in the realm of privacy, IT, IP, and antitrust, across the United States and in 19 other nations, and has authored over 100 law review articles and conference handbook papers. Before turning to the law, Mr. Bender served as an engineer with the aerospace division of Ford Motor Co., and as a mathematician with Hughes Aircraft.