Jiri’s Notepad

Interesting paper on privacy (or data protection, whatever you chose), by Stephen Kobrin from upenn, which esentially supports my suspicions that

a) the reason I don’t understand the debate on anonymity that’s going on at some US blogs is not that I am thick, but rather that the concept of privacy is understood in fundamentally different ways at both sides of the pond.

Kobrin confirms that by saying

“In the United States, rights are generally, if not universally, seen as rights against the government. Thus, the U.S. approach to data privacy reflects a basic distrust of government; markets and self-regulation rather than law shape information privacy in the U.S. and as a result the legislation that does exist is reactive and issue specific (George, Lynch, and Marsnik 2001; Reidenberg 2000). Protection tends to be tort based and market oriented rather than political: a ‘patchwork of rules’ that deal with specific sectors and problems in a haphazard manner (Banisar and Davies 1999; Frumholz 2000; Kang 1998; Reidenberg 2000; Roch 1996; Swire and Litan 1998).

In America privacy is seen as an alienable commodity subject to the market. Disputes about personal information as well as mechanisms for its protection are cast in economic terms: questions about property rights; who ‘owns’ the data collected in a commercial transaction; and who has the right to the rents flowing from its exploitation. The American emphasis on the market is evident even in the context of regulation. Senator Hollings cast the need for The Online Personal Privacy Act (S.2201) in terms of strong preemption (to give business the certainty it needs in the face of conflicting state standards), promoting consumer confidence and bolstering online commerce, and preventing consumer fears from stifling the Internet as a consumer medium (U.S. Senate Committee on Commerce 2002).

In contrast, the European approach to data privacy puts the burden of protection reflects on society rather than the individual. Privacy is considered to be inalienable, a fundamental human right, and comprehensive systems of protection take the form of explicit statutes accompanied by regulatory agencies to oversee enforcement. It is the protection of the rights of citizens or ‘data subjects’ rather than consumers or users that is of concern (Frumholz 2000; George, Lynch, and Marsnik 2001; Reidenberg 2000).”

b) European data protection laws do affect design of technical solutions such as Liberty that originate in the US.

Stephen Kobrin confirms that with the view that

“Given the size of the EU’s economy and its relative preference for regulation, its policies have had a significant impact within the United States:  as a Wall Street Journal article noted, ‘Americans may not realize it, but rules governing the food they eat, the software they use and the cars they drive, are increasingly set in Brussels’ (Mitchener 2002,” and

“While the objective of the European Union’s (1995) Data Directive is ‘domestic,’ given the inevitability of cross-border data flows it attempts to protect the data privacy of Europeans regardless of where data are transferred and processed. In this case spill-over is inherent if the Directive’s protection is to be effective; the ‘domestic’ legislation has a transnational footprint.”