While debate over the approach to privacy continues, it should be recognized that both the European Union and the U.S. share substantial common ground on privacy Credit: Thinkstock In this era of big data, small differences in privacy policy can easily become major controversies. Such is the case with the U.S.-EU Safe Harbor framework, which, for years, bridged the differences between EU and U.S. privacy laws and allowed commercial data to flow across borders. But when an EU court struck down the agreement last year, it created the possibility of massive economic disruption. This week, details were released of a newly-negotiated Safe Harbor deal, renamed, the EU – U.S. Privacy Shield, that will ease business concerns about transatlantic data flows. But it will face some European skepticism and an inevitable court challenge. With all of this, you’d be forgiven for thinking there are massive differences between the U.S. approach to privacy and the European’s. But the reality is that both sides share substantial common ground on privacy, as with so much in our social and political traditions. The EU and U.S. both treat privacy as a fundamental, or constitutional, right, and both have an elaborate structure of legal rights and responsibilities in place. Importantly, both provide the same high level of privacy protection in actual practice. The EU’s commitment to privacy as a human right is articulated in its foundational treaties, which guarantee “the right to respect for … private and family life, home and communications,” and safeguard “the right to the protection of personal data.” Europe’s single comprehensive data protection law explicitly furthers this commitment, and privacy’s status as a fundamental human right has been upheld in three recent European court cases: supporting the European Commission’s data retention directive; establishing a right to be forgotten; and invalidating the previous Safe Harbor. Europe has also ratified international treaties establishing privacy as a human right. It is just as true, but not as widely recognized, that privacy is held as a fundamental right in the U.S. It is, in fact, guaranteed by the U.S. constitution, including the Fourth Amendment’s stipulation that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated….” Supreme Court Justice Louis Brandeis described this constitutional privacy right as “the most comprehensive of rights and the right most valued by civilized men.” The U.S. has also signed international treaties establishing privacy as more than an economic right. The U.S. system includes two essential protections of this constitutional right: first, the need for probable-cause warrants, obtained from an independent judge; and second, the exclusionary rule, which bars improperly obtained information from being used by the government in a trial. U.S. law also specifically provides for a right to digital privacy, including in the Electronic Communications Privacy Act, and the Foreign Intelligence Surveillance Act of 1978, which, in 2014, was amended to improve accountability and transparency. Much of the perception that there is a wide gulf between the U.S. and EU comes from differences in legal form and underlying philosophical rationale. The U.S.’s sectorial system protects sensitive personal information throughout the economy and is vigorously enforced by a variety of regulatory agencies, including the Federal Trade Commission. But it is more complicated than a single overarching privacy law such as Europe’s. Moreover, some key privacy protections are found in U.S. consumer laws, making it appear that they are mere utilitarian protections of an individual’s marketplace interests. There is no doubt that European legal texts are more explicit in connecting human rights and privacy than those in the U.S. But in actual practice, both offer the critical requirements of transparency, individual participation, purpose specification, data minimization, use limitation, data quality and integrity, security, accountability, and auditing. This commonality is not surprising, as both systems grew out of the Fair Information Practices that were first developed by the U.S. in the 1970s. But this difference of emphasis has too often led to careless rhetoric — on both sides of the Atlantic — that obscures the fact that both systems offer a uniform, high level of individual privacy protection. We have to hope that this fact trumps the rhetoric, as data becomes a bigger driver of economic opportunity and more essential to the way people everywhere live their lives. Related content opinion What’s next for content moderation? The Transatlantic Working Group considers transparency, alternative dispute resolution mechanisms and limitations on algorithms as ways forward. By Mark MacCarthy Nov 25, 2019 6 mins Government Technology Industry Legal opinion Social media companies shouldn’t censor campaign ads from legitimate political candidates Congress needs to extend the old broadcasting rules against media control of candidate messages to cover cable and social media. By Mark MacCarthy Oct 24, 2019 8 mins Government Technology Industry opinion Digital platforms are under attack The state AGsu2019 new antitrust investigation and Californiau2019s new independent contractor law both target digital platforms. Ironically, that could be their defense too. By Mark MacCarthy Sep 19, 2019 7 mins Government Technology Industry Legal opinion Should social media delete “provably false” stories? Itu2019s a dangerous standard that misses the real challenges facing digital platforms. By Mark MacCarthy Sep 09, 2019 8 mins Government Technology Industry Legal PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe