- By international standards, the United States takes an almost laissez faire “sectoral” approach to privacy law, concentrating on a handful of specific areas of data management—e.g., medical records, credit reports, children on-line, electronic surveillance, and the other topics discussed in earlier chapters. Even with all its privacy laws, the United States leaves most areas of personal data processing largely unregulated.
- By contrast, those overseas jurisdictions with omnibus data protection laws regulate all data about identifiable people. Because foreign data laws are comprehensive, they reach even seemingly innocuous databases such as telephone books, restaurant reservations systems, and personal weblogs. And these foreign data laws affect core aspects of business operations, such as invoicing, personnel records, customer records.
- The difference between U.S. privacy regulation and these omnibus data protection laws in large part relates to the jurisprudential gulf separating the American “sectoral” approach to privacy regulation from other countries’ comprehensive sweep. Because the First Amendment grants us an explicit right to discuss, print, or post on-line most information we have about others, without any express exception for speech that might intrude on someone’s claimed privacy, the text of the First Amendment elevates free speech interests above privacy concerns. As such, our Constitution actually protects would-be privacy violators more explicitly than potential victims of privacy breaches.
- Not so abroad. Europe, Canada, Argentina, and other jurisdictions with constitutional privacy protection and comprehensive data protection laws come at this issue from an entirely different perspective. Rather than putting privacy interests on a scale counterbalanced by free speech rights, these countries analogize privacy rights with intellectual property rights. If government is going to let corporations keep competitors from exploiting brand-names and trademarks, the law certainly should allow a citizen to keep others from trafficking in his credit history, sex life and other personal information.
- Practice Tip: Even many sophisticated U.S. businesses are sometimes shocked to learn of the significant regulations of personal information in foreign countries, particularly in the EU and particularly how these affect cross-border data flows. Businesses are well-advised to fully understand internal data flows and conduct a legal assessment of not only domestic privacy law compliance but also foreign operations’ and cross-border data transfers.
< Previous Section | Next Section >