In January 2012, the European Union (“EU”) introduced a draft regulation that would make it more difficult for companies within the EU to gather personal data from consumers. In the wake of recent developments indicating that the National Security Agency has been involved in questionable surveillance practices in the United States, the European Union is certainly taking steps to provide greater individual privacy protections.
What Are the Terms of the New EU Personal Data Directive?
The right to privacy is an important component of the European Convention on Human Rights, a highly developed area of law in Europe. According to the new regulation, institutions may only access personal data if the purpose for gathering the personal data falls within three categories. First, a company or agency may collect and process personal data if the individual is first informed. For example, among other preliminary requirements, the individual must initially be aware of the purpose for gathering personal data. Germany’s chancellor, Angela Merkel, has urged the EU to adopt additional restrictions to require internet companies to reveal details about the companies they will be sharing personal data with. Next, a company or agency may collect personal data if the data is “adequate, relevant and not excessive” in relation to the purpose for the collection. Additional restrictions may apply if the data is more personal, such as when the data relates to religious beliefs, political affiliations, sexual orientation, or racial association. Finally, personal data may be gathered and processed for a “legitimate purpose.” However, this is a very narrow category and the reasoning behind the data collection must be very specific. As an added safeguard, any data collected within the EU may only be transferred to countries outside the EU if those countries provide substantial levels of personal privacy protection as well. This requirement would pose an obstacle for social media websites, such as Facebook, that exist across the world and gather information from users to share with companies that operate under different privacy-protection standards.
How Do EU Personal Data Protections Compare with U.S. Regulations?
Perhaps the greatest difference between EU and U.S. privacy regulations is that the United States does not prefer governmental regulation alone. Instead, in America individual privacy protections are divided among legislation, regulation, and self-regulation. Historically, the government has preferred to leave it to individual companies to adopt and implement policies to protect privacy in the course of their business operations. As a result, the United States does not have a body of laws, like that of the European Union, to protect against invasions of cyber privacy. Differences between European Union and United States regulations become an issue when international internet companies, such as Google and Facebook, are able to operate under different restrictions depending on the country where they are gathering personal data. Indeed, these companies face greater hurdles when they attempt to gather information in EU countries than when they attempt the same in the United States.
At the Law Offices of Salar Atrizadeh, we guide our clients in legal matters regarding all aspects of cyberspace law and privacy issues by using extensive knowledge and skills to create innovative solutions to protect your privacy. Please contact us today to set up a confidential consultation.