European data laws have been in place since 1995. They were brought in as a reaction to the growing number of internet-based businesses owning large amounts of private data. The main idea behind the act is to ensure that use of private data either doesn’t happen or that it is consensual.
Below are some of the key tenets of the European Data Protection Directive:
Data may be processed only under the following circumstances (art. 7):
- When the data subject has given his consent.
- When the processing is necessary for the performance of or the entering into a contract.
- When processing is necessary for compliance with a legal obligation.
- When processing is necessary in order to protect the vital interests of the data subject.
- When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed.
- When processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject.

The data subject has the right to access all data processed about him. The data subject even has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or isn’t being processed in compliance with the data protection rules (art. 12).
This focus on human rights and the interests of the individual rather than the collective is stark in comparison to the U.S. equivalent. The U.S. data protection law is more reactive and tends to pander to the concerns of big industries.
This was best demonstrated during the creation of the ‘Framework for Global Electronic Commerce’ when Bill Clinton and his vice-president Al Gore recommended that ‘the private sector should lead’ and that ‘companies should implement self-regulation in reaction to internet technology’.
This type of small-government attitude is indigenous to the United States and their laissez-faire attitude to digital privacy is a hallmark of the American constitution. The implicit right to privacy is guaranteed by the age-old legislature, so they aren’t too concerned with creating a new one.
One of the reasons that the approach to privacy laws in the EU is so radically different from our American counterparts is due to history. We don’t have a uniform constitution and tend to hold historical documents with less reverence.
Another reason is that our history dictates our political philosophy. During WWII and the period after, Europe was rife with Communist regimes that actively used personal information as a way of benefiting themselves.
One massive example of personal data used in a malicious way was the use of personal information to send certain demographics to Nazi concentration camps. Although this type of situation will never happen again, there is now a certain stigma attached to the way that large governments and institutions manage private and personal data.
As a reaction to this, certain companies and individuals have started to call for the EU to loosen their grip on data protection and start operating in a similar way to the U.S. There is a large group of service providers who would much rather see a more lenient system that operates on an ad-hoc basis, one that’s more responsive to changes in technology and the market.
While the privacy of users must be valued, legislation needs to be able to move with the times and technology. Where do you stand on the issue?