29 March 2012

EU and US aligned on privacy principles, but agree to disagree on implementation

On 19 March, leading US and EU policy makers convened at a conference jointly held in Washington and Brussels to discuss transatlantic relations on privacy and personal data protection.

By Robert McGruer

On 19 March, leading US and EU policy makers convened at a conference jointly held in Washington and Brussels to discuss transatlantic relations on privacy and personal data protection. Against the backdrop of important data protection policy reforms recently announced in both Washington and Brussels, the conference was a prime opportunity for both sides to compare and contrast their approaches to this increasingly important area.

Given the well documented differences in EU-US data protection policy, it was interesting to hear panelists from the Commission and the US government in broad agreement over shared privacy principles, and to agree that governments have ‘a fundamental role in providing a framework of trust online’.

As outlined in President Obama’s Consumer Privacy Bill of Rights in February, the US intends to take a stronger approach towards privacy and data protection through the development of enforceable codes of conduct. While EU officials see this as a positive first step in transatlantic data protection relations, it falls short of their expectations for an overarching US legal privacy framework.

US officials argue that codes of conduct are more flexible and adaptable than hard law, and therefore a more appropriate tool for regulating in the online world. Furthermore they refer to recent high profile FTC privacy investigations as examples of deterring non-compliance and ensuring accountability.

So in spite of EU–US agreement on the principles of data protection, a cultural gap remains as regards their implementation. In pushing ahead with the broad reform of the EU’s 1995 data protection rules, Commissioner Reding will seek to further entrench the right to privacy as a cornerstone of EU law. US Congressman Ed Markey provided an inspiring intervention praising EU progress in this area, but judging from the various other contributions to the conference, the US has a long way to go before considering a move towards law-protected privacy rights.

Click here for the EU-U.S. joint statement on data protection by European Commission Vice-President Viviane Reding and U.S. Secretary of Commerce John Bryson.