The EU's Privacy Law

While the United States and the countries of the European Union have much in common - a reverence for democratic processes and free markets, for instance - they sometimes have to bridge a cultural divide. One such gulf was opened by the EU's newly implemented law to protect the privacy of personal information.

This law reflects a concern for personal privacy that goes far beyond what American policymakers have so far evidenced. Under the law, "data subjects" - those whose personal details are being put to commercial use - have rights to know where such information originates and to what purpose it's being put. They have to be able to access the information, correct anything that's wrong, and say "no" to its use, if they desire.

This is anathema to US companies whose stock in trade is the commerce in personal data - everything from buying habits to health records. Some business commentators have forecast that the new EU regulations will bring transatlantic trade virtually to a halt. That's overstatement for effect, we suspect. American firms have managed to sustain commerce with European nations, such as Germany, that had privacy laws protecting personal data even before the EU action.

But there's little doubt that adjusting to the new rule will have wide repercussions, since such a wide range of businesses use specific bits of personal information in the course of daily commerce.

The airlines industry is a prime example. It has, in fact, provided an initial test of the EU law. American Airlines has been barred by a Swedish court from transmitting data about customers, such as food preferences, back to its US-based databanks.

Such movement of information outside the EU is prohibited now, unless the receiving country has "adequate protections" of its own against misuse of personal data. But are protections in the US, which consist largely of voluntary standards within particular industries, "adequate"?

The airlines case, now under appeal, will help answer that question - as well as indicate just how stringently the EU law will be applied. A definitive answer, however, should emerge from current negotiations between the EU and US.

The EU hopes to arrive at an understanding with the US by the end of the year, which should clarify what's expected of non-European businesses.

A reasonable outcome would balance privacy concerns with the need to pursue business transactions with information-age swiftness. The type of personal data, the likelihood of real damage to individuals, and the possibility of getting consent before personal data is used - all are important points for discussion.

Business concerns aside - and sometimes they need to be put aside - the EU is doing people on both sides of the Atlantic a favor by highlighting the privacy issue. It's a facet of the growing commerce in information that must be addressed.

of 5 stories this month > Get unlimited stories
You've read 5 of 5 free stories

Only $1 for your first month.

Get unlimited Monitor journalism.