College of Management, North Carolina State University, Raleigh, NC 27695-7229 1David_Baumer@ncsu.edu 2Julia_Earp@ncsu.edu 3JC_Poindexter@ncsu.edu
Internet Privacy Law: A Comparison between the United States and the European Union
The increasing use of personal information in web-based applications has created privacy concerns worldwide. This has led to awareness among policy makers in several countries regarding the desirability of harmonizing privacy laws. The challenge with privacy legislation from an international perspective is that the Internet is virtually borderless but legislative approaches differ between countries. This paper presents a functional comparison between current privacy law in the European Union and in the United States, as such laws relate to regulation of websites and online service providers. In addition, we articulate the similarities and differences between the 2002 EU Directive 2002/58/EC, titled the Directive on Privacy and Electronic Communications, which has been adopted by the EU but not implemented, and the proposed U.S. Online Privacy Protection Act. Using a qualitative approach, we use the Fair Information Practices to organize discussion of comparisons and contrasts between U.S. and EU privacy laws. Our investigation of this topic leads us to conclude that the right of privacy is more heavily protected in the EU than in the U.S. The Online Privacy Protection Act, recently introduced as a bill in Congress, has the potential to significantly effect commercial practices in the U.S. and move the U.S. toward current EU privacy protection laws. This analysis benefits managers as well as security professionals since the results can be used to ensure that their organization’s website practices are consistent with countries in which they exchange information.
Keywords: information privacy, e-commerce, legislation, international law.
Managers striving to gain competitive advantage through the use of Internet-based systems can easily find themselves frustrated by the differing, and often conflicting, expectations regarding privacy in different countries around the world. From a technology perspective, the inherent nature of the Internet radically reduces the importance of geography and allows international business transactions to be accomplished with ease. From a legal perspective, geography continues to exert a significant influence. Balancing local differences in privacy protection with the increasingly interconnected nature of Internet-based transactions, which often rely on sharing customer personally identifiable information (PII), is a massive challenge to managers and legislators today. Differences between countries must be considered when developing and implementing global Internet-based applications . Understanding the differences in regulatory approaches may be a key to successfully managing information privacy in a global marketplace that is dependent on transborder information flows, especially when the regulatory approaches of other nations are more restrictive. The international privacy challenge can be attributed to several factors, including legislative threats, cultural values and privacy perceptions . Milberg et al. , contend that cultural values and privacy perceptions differ among countries and those values and perceptions become intertwined with and exert a significant influence over differing legal environments. According to  it is impossible to understand the privacy concerns in the EU without understanding how history has influenced European values, for example, how Nazis used centralized collections of PII to round up and dispose of “undesirables.” Unlike in the U.S. where the courts have only recently discovered a constitutional right of privacy for a narrow range of conduct, as the U.S. Supreme Court articulated in striking down Texas...