The E-Commerce and Tech Law Blog is a forum for practitioners
and Bloomberg BNA editors to share ideas, raise issues, and network with
colleagues on news, hot topics, and trends affecting e-commerce and technology
law and regulations.
Wednesday, February 8, 2012
by Thomas O'Toole
Back in December, U.S. Department of Commerce General Counsel
Cameron Kerry gave a speech in which he said that his agency would
be "watching closely" how the European Commission approached data
in its then-unreleased data protection regulations. At the time,
neither the European Commission nor the Department of Commerce had
released their data privacy protection proposals.
The European Commission's proposal for a data protection regulation is out now. Commerce's proposal is expected to be released any
There seems little doubt that, when the two documents are laid
side-by-side, they will reveal a difference in approach to privacy
as wide as the Atlantic itself.
In the European Union, where privacy is considered a fundamental
human right, the policy leader is Viviane Reding,
vice-president of European Commission and leader of its Justice,
Fundamental Rights and Citizenship directorate. Here in the United
States, where the privacy is viewed as an interest to be balanced
development is the Department of Commerce, an agency whose mission
is to promote the domestic economy. Privacy rights are not part of
Commerce's mission nor, for that matter, is consumer
In his speech, Kerry promised that his agency's forthcoming
"white paper" proposal would call for a "comprehensive Bill of Rights as
a baseline for consumer data privacy." Because data privacy
protection is a significant financial burden on business,
particularly on the dynamic (and notoriously insecure) internet,
the privacy rights that Commerce eventually proposes will necessarily be
tempered by the needs of businesses to maximize the return on their
activities and to eliminate barriers to future innovation. A true
privacy right emanating from the Department of Commerce would be an
odd duck indeed. Perhaps the thought here is that online businesses should be given same sort of friendly regulation that domestic agriculture receives from the Department of Agriculture.
Over on the other side of the Atlantic, the European Commission's privacy proposal describes the following as fundamental
The EC also proposed additional rights for individuals in cases
of sensitive data, data-mining, and profiling. All of the rights
proposed by the EC would be enforced by data protection authorities
in each EU member state, who have authority to impose rather large
fines, and by private lawsuits in local courts.
There isn't much doubt that, when the white paper is released, American-style privacy is going to fall far short of the
European Commission's conception. Judging from its December 2010 "green paper"proposal, the Department of Commerce's view
emphasizes flexibility, innovation, and generally creating the
least possible burden on businesses. The green paper called for industry-created codes of conduct that conformed to an as-yet
unspecified "Bill of Rights" to be legislated by Congress,
all backed up by Federal Trade Commission enforcement. The
The green paper reflects the reality that there is very little
sentiment among federal government officials to write into law
strong data privacy rules along the lines of those proposed by the
European Commission. The United States and Europe are fundamentally
at odds over the nature of privacy rights. We don't agree with
Europe on the nature of privacy or on how privacy
rights/interests/expectations should be enforced. This state of affairs is not going
to change soon, unless a movement in favor of individual privacy
rights materializes soon. Though something along the lines of the
recent SOPA/PIPA uprising might do it.
It will be interesting to see if the Department of Commerce will
use the upcoming white paper to respond to the European
Commission's views on privacy. They might offer a defense of U.S.
and FTC oversight is all that Americans want and businesses can
reasonably be expected to provide. Commerce officials might also
give increased attention to helping businesses in the United States cope
with, and thrive under, the imminent European privacy regulations. These objectives seem more in line with Commerce's statutory mission than the task of
defining privacy rights in the first place.
By Thomas O'Toole
Follow this blogger on Twitter at @bnatechlaw.
to post a comment.
ICANN Reader: IANA Transition Away from U.S. Draws Widespread Concern
Cyberlaw Review 2014: ICANN's New Top-Level Domains
Cyberlaw Review 2014: Cloud Computing, Consumer Protection, Computer Crime, Data Breaches
Cyberlaw Review 2014: Internet Governance
Cyberlaw Review 2014: Internet of Things, Online Contracts