The Transatlantic Divide Over Data Privacy Rights

The following exchange occurred during a conversation between a representative of a U.S. technology company and a European data protection authority (DPA):

Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!

DPA: It is your technology that has to adapt to our legal system, not the other way around!

The question of whether legal requirements should determine how technology and business models are structured, or whether the law should bend to technological and business imperatives, is at the root of the many of the differences between the EU and U.S. approaches to data privacy. And the differing status of privacy as a constitutional or human right underlies how this question is dealt with in the two systems.

There are major differences in how the two systems protect data privacy at a constitutional or human rights level. The U.S. Constitution does not mention the term “privacy”, but the Fourth Amendment protects against unreasonable searches and seizures by the government, and the U.S. Supreme Court has construed other constitutional provisions—such as the Due Process Clause of the Fourteenth Amendment—to create privacy rights in certain circumstances.

Data protection and privacy rights are explicitly recognized in the treaties that form the constitutional basis of the EU. In addition, they are protected as fundamental rights in the constitutions of various EU member states and by rulings of the highest European and member state courts.

The U.S. system protects constitutional rights only against government action, whereas in the EU the state has a duty to protect the privacy of individuals against violations by nongovernmental actors as well.

Privacy is generally protected in the U.S. as a “negative” right that obliges the government to refrain from taking actions that would violate constitutional rights; by contrast, in the EU, the state also has a constitutional obligation to affirmatively protect privacy rights.

In the U.S., by definition, a constitutional right is only protected if it can be found to derive from the U.S. Constitution. However, in the EU, human or fundamental rights—including data privacy—constitute so-called “general principles of law” that apply mandatorily even if they do not directly derive from a specific constitutional source.

These differences lead to transatlantic tensions. Americans often seek to treat data protection as a trade issue, while in the EU its status as a fundamental right means that it cannot be dealt with solely as a commercial matter—which will inevitably put the two sides on a collision course during forthcoming negotiation of the EU-U.S. Free Trade Agreement.

The constant reference in U.S. parlance to persons as “consumers” also grates on European sensitivities, which regard human beings as individuals with inalienable rights rather than merely as participants in the marketplace.

For their part, Europeans are often ignorant of the long tradition under U.S. law of protecting privacy against government intrusion. An eminent European academic has remarked to me that U.S. law has protections against governmental intrusion on privacy that the EU should envy.

Even the most respected legal commentators have sometimes been misled by differences in the EU and U.S. constitutional systems for privacy protection. For example, in his seminal 2004 article in the Yale Law Journal, Prof. James Q. Whitman argues that privacy protection in the EU is based on the protection of personal dignity—as in the sense of one’s personal honour—whereas actually its basis is the constitutional concept of human dignity—which requires respect for a person’s individual worth as a human being.

Insufficient attention has been devoted to resolving transatlantic misunderstandings over the status of privacy and data protection as a human right. For example, why do the EU and U.S. agencies negotiating data privacy matters not establish an ongoing initiative to help them better understand the basic constitutional concepts on which each other’s systems of privacy rights are based?

All this suggests that the EU and the U.S. will have to invest much more effort to increase mutual understanding of their differing systems for the protection of constitutional rights if there is to be a transatlantic accommodation on data privacy.

photo credit: Mr. T in DC via photopin cc

Written By

Christopher Kuner


If you want to comment on this post, you need to login.
  • Cindy Compert May 20, 2013

    Well written- clear and concise.

  • Caspar Bowden May 23, 2013

    Hi Chris why do you mention the Fourth Amendment? It's an irrelevance for Europeans located in Europe worried about what happens to their data under US jurisdiction. See the debate last year in House Judiciary Ctee on FISAAA 1881a - even EPIC and ACLU did not attempt to argue the 4th protects "foreigners in foreign lands". Isn't is a rhetorical fallacy to say that because US had good protections for US persons inside the US, better in some cases that European law for Europeans in Europe, that this should offer any reassurance to Europeans about what can happen to their data when it is sent to the US?

  • Mike Anderson Jun 13, 2013

    Hi Chris, In the light of the third-party doctrine, together with the recent controversial events relating to the PRISM and other US secret surveillance programs I think it is time to bury the idea that there is any significant privacy protection in the US. However I think you are spot on in highlighting the transatlantic divide with respect to privacy being a fundamental human right, worthy of protection against both states and commercial interest, versus a commodity. It goes far beyond the concept of the "worth" of a human being and shakes the very foundation of a free and democratic society when we accept that the "worth" of an individual is to be equated with their financial worth as a consumer. The German Constitutional Court based its milestone judgement in a significant part on the fact that intrusion into the private sphere has a chilling effect on freedom of thought, freedom of speech and the free participation in society. These are the fundamental freedoms that are now under attack for some time. I find it appalling to what extent the US judicial system is prepared to play word-games to "legitimize" massive abuse of fundamental rights in the interests of "the State" and "Law Enforcement" and essentially to collaborate with political/economic interests to PREVENT the exposure of state abuses of power and surveillance technology by raising the barrier of "standing" in order to prevent the veil of secrecy being penetrated and the truely shocking clandestine surveillance being exposed to the light of day. In the EU it is an open secret that the flow of information from US Surveillance agencies to US Industry is very much a two way street. Airbus learned about this and a previous head of the NSA openly defended industrial espionage using Echelon Data. What PRISM has achieved is the destruction of trust and credibility of both the US Administrations and commercial organization as a basis for transatlantic collaboration and trade. This is a high price to pay. I wonder what the world would look like today if the SS and Gestapo had been able to access 21-st Century surveillance technology. Given the existence of mega-databases such as we have today, whether this is a good or a danger to freedom depends entirely on the questions being asked and the robustness of protection of fundamental human rights.

  • Christopher Kuner Jun 19, 2013

    Thanks to those who commented on my post. Yes, the recent PRISM revelations have certainly put these issues in a new light. regards Christopher Kuner


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»