My colleague Ben Wizner and I are in Brussels this week, partly to meet with European lawmakers and others about the new privacy regime that the EU is in the process of putting into place. Unlike the United States, Europe has a set of basic rules and institutions in place to protect individuals’ privacy, and is trying to update its existing rules and institutions for the digital age.
The United States needs similar protections—a basic, overarching privacy law, and institutions with the teeth to enforce it. We are an outlier in the world in lacking those things. However, some U.S. companies seem to be terrified at the prospect of basic, fair privacy rules being put into place in Europe. Not only are companies such as Facebook and Google furiously lobbying against those rules, but the U.S. government has “shocked” Europeans by also lobbying hard against many elements of this update.
Europe’s proposed new rules could “stifle innovation and inhibit growth.” The only innovation that will be stifled by instituting basic, fair privacy protections is “innovation” in how efficiently advertisers can trick people into sharing more than what polls clearly show they want. Even on a purely business level, the U.S. is not being smart or thinking long-term. Privacy is a human necessity, and insofar as our internet companies and other institutions do not respect it, people will find work-arounds to protect their privacy when they need it. That means that those institutions will become less socially useful. Long-term, everyone WILL become aware of the limits on their privacy, so allowing companies to monetize the temporary gap between the spying that’s now possible and people’s current lack of understanding of that spying, is extremely short-sighted. The EU’s justice commissioner Viviane Reding got it right when she said in a statement, “A strong, clear and uniform legal framework will help … foster economic growth, innovation and job creation in Europe.” The growth enabled by solid privacy ground rules—in Europe and the United States—will be a healthier, longer-term growth, not the corrosive short-term money-grab based on spying without people’s knowledge or consent.
The “interoperability of our respective privacy regimes is critical.” Translation: Europeans should weaken their privacy protections. Because, apparently, we feel no need to bring ours up to par. No doubt it is vital for many parties that the EU and the United States harmonize their rules; but harmonization shouldn’t equal a “race to the bottom.”
The EU should “develop its standards through a multi-stakeholder process.” While the “multi-stakeholder process”—an institutionalization of the classic interest group pluralism theory of government—probably makes sense in some situations, in others, it’s akin to asking the fox and the chickens to get together to hammer out standards for chicken-coop fencing. The farmer needs to just build the kind of fence that will protect the chickens. Sometimes you just need to regulate. That doesn’t mean you don’t listen to the regulated parties at all—rules tend to be overbroad, and must reflect reality and be carefully tailored and adjusted to achieve their proper ends—but the idea that the sum total of the vectors of the lobbying of all interested “stakeholders” will yield the public good, is naïve.
The regulation “gives data protection officials—who by and large will have no law enforcement experience—the final say on whether cooperation should be provided.” Heaven forbid! How terrible that an external, non-law enforcement body have any power over what data law enforcement gets access to. That’s what we used to call a “check and balance.” Law enforcement agencies in the past 10 years have apparently gotten so accustomed to unchecked surveillance powers that they’ve forgotten what it’s like—due, no doubt, to the reduction in oversight by the Patriot Act and other post-9/11 legislation, the rapid exploitation of new technologies for spying before law and regulation can catch up, and the continuing absence of a real privacy oversight body such as the PCLOB.
The sad fact is that the United States has gotten out of balance. Harmonization is necessary for many reasons—law enforcement agencies need to cooperate across the Atlantic, and we want businesses to work smoothly across markets. But in the United States, the political power of business—which, as historians have written, has always waxed and waned throughout our history—is probably now at an all-time high, distorting our pursuit of the public good in favor of corporate interests. And our national security establishment is enormous and bloated, protected by a shield of unchecked secrecy, endowed with dangerous new powers, and wields a dangerous influence on American public policy.
The job of the U.S. government abroad is to protect the interests of Americans. In Europe, instead of protecting the basic, long-term interests of its citizens, our government is protecting the narrow, short-term business interests of some companies. The U.S. is arguing that harmonization is critical—but we don’t see the administration lobbying Congress to strengthen American privacy laws—only to weaken Europeans’.