The globalization of privacy: implications of recent changes in Europe

American Journal of Economics and Sociology, The,  July, 1993  by Priscilla M. Regan

• E-mail
• Print
• Link

Predicting congressional action is always risky, but given the confluence of interests here, it is safe to say that action is unlikely to be radical. Congress is unlikely to pass omnibus legislation that imposes similar requirements on all private sector firms. The establishment of an agency with regulatory power over the public and private sectors is also unlikely. Instead, it is likely that a bit more than is minimally required to meet the European Data Protection Directive will be legislated. A Data Protection Board with largely advisory powers is likely. Giving that board the power to require private sector companies to submit codes of self-regulation is also likely and would be similar to what Canada plans to do to meet the European Directive. The issue that may be more difficult to resolve is the type of consent that is required for secondary uses of information. Business vastly prefers the "opt out" approach. But the European interest in informed consent or "opt in" and the record of past business abuses under the "opt out" approach lends political support for privacy advocates to push for "opt in."

It may appear somewhat ironic that one of the world's great democracies is being pushed into protecting its citizens' privacy by decisions made by European countries. But appearances can be deceiving. The expected strengthening of US laws will not be a simple reaction to the European Data Protection Directive. Instead, changes taking place in the problem, policy and political streams within the United States are now ready to take advantage of a "policy window" opened in the US by the European Directive.

Notes

1. Frits W. Hondius, "Data law in Europe," Stanford Journal of International Law (Summer 1980): 102.

2. For a review of these laws see: Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca: Cornell UP, 1992) and David H. Flaherty, Protecting Privacy in Surveillance Societies (Chapel Hill: U. of North Carolina P., 1989).

3. Priscilla M. Regan, "Public Uses of Private Information: A Comparison of Personal Information Policies in the United States and Britain," Ph.D. diss., Cornell University (1981).

4. In the United States and other common law countries (Canada and Australia in particular), "privacy" is the term that has been used in most policy discussions. The policy problem is one of privacy invasions and the policy solutions is to strengthen the individual's right to privacy. In European countries, the term "data protection" has been used to signify that the problem is misuse of personal information or data and that the policy goal is to protect data from misuse. The significance of these terms is discussed in Bennett (1992), Flaherty (1989) and Regan (1981). In this paper, I will use data protection because that term is the primary one used in international discussions.

5. The early drafts of the proposal (Commission proposals of July 1990; the Economic and Social Committee of April 1991) were entitled "Council Directive Concerning the Protection of Individuals in Relation to the Processing of Personal Data." The Parliament amended the proposal in March 1992 and the proposal approved by the European Commission and submitted to the Council of Ministers is entitled "Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data." COM (92) 422 final-SYN 287 (Brussels, 15 Oct. 1992).