EU takes its data privacy seriously; why won't the U.S.?

Samantha Bookman, FierceTelecom

Last Saturday, Jan. 28, activists and lawmakers in the EU and Canada celebrated an event that got relatively little publicity here: European Privacy Day. It was the culminating date in a monthlong campaign to raise awareness of privacy and data protection issues faced not just by the EU, but globally.

In the United States, the National Cyber Security Alliance also celebrated Data Privacy Day on Jan. 28, but its efforts focused on consumer-level methods to secure data from threats like hackers and data-mining viruses or other intrusions. European Privacy Day took a more holistic path in calling attention to privacy and data protection, with meetings and round tables in several countries including Belgium, Sweden, the UK, Hungary, Germany, and more. Each addressed aspects of privacy and security from the consumer, business and legislative level.

As I mentioned in a recent column, the EU is locked in negotiations with the United States over how the U.S. obtains and shares data on Europe's citizens. But that's not the only concern faced by the continent over how data is collected, stored and secured both within its borders and worldwide.

Privacy Day-related meetings discussed topics ranging from the implications of smart metering for privacy, to free speech and freedom of association issues related to the workplace, to reviews and discussion on current data protection laws and new laws being enacted. In short, participants didn't just ask how they could secure our computers and data centers against intrusion; they discussed the real implications of the IP age on individual rights.

The expansive reach of the dialog on the rights of individuals when it came to privacy and protecting data that's collected about them was surprising in its depth, compared to the U.S. version of Data Privacy Day in which consumers and businesses were given the usual instructions to keep their antivirus programs up to date and to be aware of current laws regarding release of individuals' data.  

Most discussion of legislative or corporate efforts to protect data and comply with privacy rules in the U.S. is kept within legal and corporate circles; most Americans don't think much about privacy laws. It's dry stuff, to be sure, and it takes a Herculean effort to call their attention to even a single facet of privacy and data protection. Last week's Web-wide protest against the proposed SOPA and PIPA bills is a good example of the level of effort needed to call attention to an issue with our data networks and/or the Internet. But a law that also deeply affected individual rights to privacy was passed with little comment just three weeks prior.

"Technology is changing the way institutions, governments, and individuals interact," wrote E.D. Kain in a Forbes article about the National Defense Authorization Act. "The symmetry of power is shifting and governments and non-state actors alike are scrambling to keep up. Sometimes this creates real security threats." And it raises questions about how well our private information is being protected, or how it's being used, in the midst of this scramble.

The United States needs to put at least as much effort into publicizing the discussion about privacy and data protection as the EU does. Let's see what next year's Data Privacy Day addresses.--Sam