Internet Privacy Law: a Comparison Between the United States and the European Union
David L. Baumer1, Julia B. Earp2 and J.C. Poindexter3
College of Management, North Carolina State University, Raleigh, NC 27695-7229
1David_Baumer@ncsu.edu 2Julia_Earp@ncsu.edu 3JC_Poindexter@ncsu.edu
Internet Privacy Law: A Comparison between the United States and the European Union
Abstract The increasing use of personal information in web-based applications has created privacy concerns worldwide. This has led to awareness among policy makers in several countries regarding the desirability of harmonizing privacy laws. The challenge with privacy legislation from an international perspective is that the Internet is virtually borderless but legislative approaches differ between countries. This paper presents a functional comparison between current privacy law in the European Union and in the United States, as such laws relate to regulation of websites and online service providers. In addition, we articulate the similarities and differences between the 2002 EU Directive 2002/58/EC, titled the Directive on Privacy and Electronic Communications, which has been adopted by the EU but not implemented, and the proposed U.S. Online Privacy Protection Act. Using a qualitative approach, we use the Fair Information Practices to organize discussion of comparisons and contrasts between U.S. and EU privacy laws. Our investigation of this topic leads us to conclude that the right of privacy is more heavily protected in the EU than in the U.S. The Online Privacy Protection Act, recently introduced as a bill in Congress, has the potential to significantly effect commercial practices in the U.S. and move the U.S. toward current EU privacy protection laws. This analysis benefits managers as well as security professionals since the results can be used to ensure that their organization’s website practices are consistent with countries in which they exchange information.
Keywords: information privacy, e-commerce, legislation, international law.
College of Management, North Carolina State University, Raleigh, NC 27695-7229
1David_Baumer@ncsu.edu 2Julia_Earp@ncsu.edu 3JC_Poindexter@ncsu.edu
Internet Privacy Law: A Comparison between the United States and the European Union
Abstract The increasing use of personal information in web-based applications has created privacy concerns worldwide. This has led to awareness among policy makers in several countries regarding the desirability of harmonizing privacy laws. The challenge with privacy legislation from an international perspective is that the Internet is virtually borderless but legislative approaches differ between countries. This paper presents a functional comparison between current privacy law in the European Union and in the United States, as such laws relate to regulation of websites and online service providers. In addition, we articulate the similarities and differences between the 2002 EU Directive 2002/58/EC, titled the Directive on Privacy and Electronic Communications, which has been adopted by the EU but not implemented, and the proposed U.S. Online Privacy Protection Act. Using a qualitative approach, we use the Fair Information Practices to organize discussion of comparisons and contrasts between U.S. and EU privacy laws. Our investigation of this topic leads us to conclude that the right of privacy is more heavily protected in the EU than in the U.S. The Online Privacy Protection Act, recently introduced as a bill in Congress, has the potential to significantly effect commercial practices in the U.S. and move the U.S. toward current EU privacy protection laws. This analysis benefits managers as well as security professionals since the results can be used to ensure that their organization’s website practices are consistent with countries in which they exchange information.
Keywords: information privacy, e-commerce, legislation, international law.
References: 2] 2-Milberg, S.J., H.J. Smith and S.J. Burke. Information Privacy: Corporate Management and National Regulation. Organization Science, Vol.11, No.1, January-February, pp.35-57, 2000. 5] 5-Westin, A. Privacy and Freedom. Atheneum, New York, 1967. 6] 6-Earp, J.B., A.I. Anton, L.Aiman-Smith and W. Stufflebeam. “Crossed Signals: What Users Really Want from Internet Privacy Policies.” The Academy of Management, August 1-6, 2003. 7] 7-Hofstede, G. Cultures and Organizations. McGraw-Hill, Berkshire, England, 1991. 8] 8-Dresner, S. Data protection roundup. Privacy Laws Bus. (U.K.) (33) January, pp 2-8, 1996. 10] 10-[OECD00] CDT’s Guide to Online Privacy: Privacy Basics: The OECD Guidelines, accessed on August 6, 2002 at http://www.cdt.org/privacy/guide/basic/oecdguidelines.html, 2000. 11] 11- Baumer, D.L., J.B. Earp, and P.S. Evers, Tit for Tat in Cyberspace: Consumer and Web Site Responses to Anarchy in the Market for Personal Information, Journal of Law and Technology, Vol. 4(2), 2003, pp: 217-274. 12] 12-Earp, J. B. and D.L. Baumer, Innovative Web Use to Learn about Consumer Behavior and Online Privacy, Communications of the ACM, Vol. 46 No. 4, 2003, pp: 81-83 13] 13-Volokh, 2000 14] 14-Online Privacy Protection Testimony of FTC Commissioner Sheila F. Anthony Before the U.S. Senate Committee on Commerce, Science, and Transportation, May 25, 2000, located at: http://www.senate.gov/~commerce/hearings/0525ant.pdf. 15] 15-Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace, A Report to Congress, 2000.