Transatlantic Data Privacy Law

Privacy and Security

Article Snapshot

Author(s)

Karl-Nikolaus Peifer and Paul M. Schwartz

Source

The Georgetown Law Journal, Vol. 106, No. 1, pp. 115-179, 2017

Summary

The European Union (EU) restricts the transfer of information to countries such as the United States, which regulates privacy differently. New EU privacy regulations and the Privacy Shield, a treaty between the EU and the U.S., will help resolve the differences.

Policy Relevance

New privacy rules will increase coordination of privacy rules between the EU and the United States.

Main Points

  • The EU strictly limits the transfer of personal data to non-EU countries such as the United States, which lacks “adequate” privacy protection.
     
  • EU privacy law protects privacy by creating strong privacy rights at the constitutional level, and by means of statutes that give “data subjects” rights against the “data controller.”
     
    • Contract law and consent play a limited role.
       
    • The law seeks to limit the overall negative affect of individual decisions.
       
    • EU law is motivated by citizen’s experiences during and after World War II.
       
    • Data protection law is parts of the identity of the EU citizen.
       
    • EU law regulates both the private sector and the government.
       
  • In the United States, privacy rules accommodate the flow of personal information in the market.
     
    • Privacy rights are created by statute, and are tailored to specific sectors, such as health care information or financial information.
       
    • Contract law and consent play a significant role.
       
    • Consumers are rarely required to “opt in” to data collection.
       
    • The Federal Trade Commission protects consumers from deceptive trade practices.
       
    • The U.S. Constitution limits regulation of the private sector.
       
  • New EU data protection rules, the General Data Protection Regulation, become binding in 2018.
     
    • The new rules escalate punishment for disfavored international data transfers.
       
    • The rules require frequent consultation with U.S. officials.
       
  • The Privacy Shield, which took effect in 2016, is a treaty between the EU and the United States.
     
    • The treaty requires U.S. companies to be careful how they use information from EU citizens.
       
    • EU subjects must opt in to processing of sensitive data.
       
    • Enforcement of EU-based standards is stronger.
       
    • Both EU and U.S. negotiators are interested in supporting international security and anti-terrorism efforts.
       

 

Get The Article

Find the full article online

Search for Full Article

Share

About the Authors

TAP Academic

Paul M. Schwartz

Director
Jefferson E. Peyser Professor of Law

School of Law

University of California, Berkeley

423 Boalt Hall
Berkeley, CA 94720

Phone: (510) 643-0352

pschwartz@law.berkeley.edu

Karl-Nikolaus Peifer

Director

Institute for Media Law and Communications Law

University of Cologne

Albertus-Magnus-Platz
50923 Köln, Germany

kpeifer@uni-koeln.de