Conference highlights gap between EU, US data privacy approaches

Buzz at the EU conference focuses on heavy lobbying by US industry

A widening gap between the European Union and the U.S. was the subject of much discussion at the Computers, Privacy & Data Protection conference in Brussels on Wednesday.

Jay Stanley, American Civil Liberties Union senior policy analyst, praised the E.U.'s rules on data privacy and said the U.S. needs similar protections. However, others said the E.U.'s data protection policy, following a vote on the proposed Data Protection Regulation in the European Parliament, does not go far enough.

Stanley said the U.S. lacks a basic, overarching privacy law and institutions with the teeth to enforce it. He urged European lawmakers to stand firm against lobbying by companies such as Facebook and Google as well as by the U.S. Mission to the E.U.

In a statement, Jérémie Zimmermann, spokesperson for citizen advocacy group La Quadrature du Net, also called for citizens to act "by urging our elected representatives to protect our rights and freedom by adopting strong safeguards for our privacy."

But he said that a vote on Wednesday in the European Parliament's consumer committee (IMCO) had weakened privacy rights by allowing easier profiling of users by companies and by softening obligations of notification of personal data breaches. "This vote shows how much the European Parliament can be influenced by the massive lobbying driven mostly by giant U.S. corporations -- banks, insurance and Internet services -- going against the interest of E.U. citizens," he said.

Meanwhile, Stanley said that the U.S. administration doesn't want to strengthen American privacy laws, only to weaken Europe's. "Harmonization shouldn't equal a 'race to the bottom,'" he said.

A recent document published by the U.S. Mission to the E.U. claiming that the proposed new regulation voted on by the European Parliament could "stifle innovation and inhibit growth" was also taken to task by Stanley.

The Mission document urged the E.U. "to look more towards outcomes that provide meaningful protection for privacy and focus less on formalistic requirements," called for a "more flexible approach to consent, for example consent need not always be express, affirmative consent" and said that the regulation's data breach notification time was too short.

It said that the regulation restricts how E.U. member states collect, process and transfer data on behalf of the U.S. because it gives data protection officials the final say on whether cooperation should be provided.

"That's what we used to call a 'check and balance,'" said Stanley. "Law enforcement agencies in the past 10 years have apparently gotten so accustomed to unchecked surveillance powers that they've forgotten what it's like -- due, no doubt, to the reduction in oversight by the Patriot Act."

At a parliamentary event on Wednesday, Dutch European parliamentarian Sophie In't Veld also expressed concern about possible extraterritorial applications of the Patriot Act, and notably the FISA (Foreign Intelligence Surveillance Amendments) Act, extended by the U.S. Congress at the end of last year. FISAA allows U.S. law enforcement authorities to browse the cloud without a court order.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies