Simon Davies: Privacy's New Image

America's new rules of privacy are coming from the Old Country. Here's how Europeans like Simon Davies are getting America to rethink privacy.

The differing views on privacy between the United States and Europeand even among the European Union countriesare based on the intrinsic values of cultures that are centuries old. For example, British citizens are protected by the EU Data Privacy Directive (see "EU Data Privacy Directive," Page 53), which gives them the rights of notice, choice and access to their personal information that Americans don't have. But they also live in a culture where camera surveillance is ubiquitous. From traffic lights to street corners, British citizens are under almost constant observation...and they don't seem to mind. "Britain continues to confound and surprise me," says Rosen. "They have embraced cameras, showing great deference to authority, and yet this same culture that is wired with cameras is far more respectful of people's privacy in public. They don't stare at celebrities or yell loudly on their cell phones on the train. They maintain boundaries the more democratic Americans don't respect."

The German experience with Nazism had a profound effect on that country's cultural views about privacy and the rest of Europe's as well. During World War II, people saw the destructive power that information could have in the hands of an evil government. The postwar lesson of maintaining a healthy relationship between citizens and organizations also fostered a belief in a right to privacy. Today's German Secret Service, for example, is given broad surveillance authoritybut only to investigate terrorism. Any evidence of a low-level crime that is discovered in the process of that surveillance cannot be legally pursued, preventing authorities from going on fishing expeditions for information.

The French are tremendous proponents of government regulation for just about everything. Unlike Americans, they feel no need to constrain their government's involvement in instituting privacy controls and have some of the most extensive regulations of dignitary offenses in Europe.

When Europeans embraced omnibus privacy legislation in 1995 with passage of the EU Data Privacy Directive, Americans were forced to respond. In order to preserve the continuity of trans-Atlantic commerce, the Federal Trade Commission brokered an agreement with the EU called Safe Harbor, which would require U.S. companies that sign on to it to abide by the EU's basic privacy principles.

However, relatively few U.S. companies have signed ononly 353 at press timeand the vast majority of those are small companies rather than the Fortune 1000 behemoths whose information practices could cause the greatest harm to the privacy of European citizens. "Safe Harbor was and is a well-intentioned effort and works for many companies," says Ivan Fong, chief privacy leader and senior counsel of IT at General Electric. "But it is only a partial solution for other companies, in that it only covers data flows between Europe and the U.S., and many multinationals have data flows that go beyond that route." He adds that Safe Harbor, as currently negotiated, doesn't cover financial services companies because the United States and the EU cannot agree on whether the U.S. data protection laws that govern financial institutions meet the EU's "adequate protection" standard.