The widening transatlantic divide on privacy
The latest privacy developments in the United States seem to be pointing it in the opposite direction to Europe with worrying implications for the transatlantic digital economy. As I had the privilege to serve as Digital Champion from Spain, I believe that an educated viewpoint on what happens in the domestic US market is needed to feed into the discussions on transatlantic data flows.
Only with an informed, effective evolution of regulatory frameworks can we achieve in Europe the enormous potential of digital industries for our economy. What is happening now on both sides of the Atlantic? On the European side, the EU has struggled over the past few years through the painstaking process of harmonising and updating its data protection rules, eventually resulting in this year's General Data Protection Regulation. The US system, however, now seems to be instead moving towards fragmentation and more prescriptive rules for Internet Service Providers (ISPs) versus other Internet companies, including some of the largest users of personal data such as Google and Facebook (GAFA).
Specifically, the latest changes have seen the US Federal Communications Commission (FCC) take responsibility for the data protection practices of ISPs. By reclassifying them as common carriers, the FCC has given itself the power to regulate the way they handle privacy matters with restrictive data protection rules that will not apply to GAFA and other companies who do handle user-generated data in a similar way. The data practices of those companies remain under the authority of the Federal Trade Commission (FTC), meaning there are now two authorities with quite different approaches overseeing US privacy concerns, where before there was only one.
These moves are again likely to puzzle policy makers in Europe, where the conversation has been explicitly about whether to expand the scope of the continent's eprivacy legislation so as to include these companies. This approach seems far more aligned with the realities of the 21st century digital economy, which has seen these edge providers emerge with unrivalled access to consumers' data. Indeed, from European eyes it appears strange to see the US, normally a leader on digital issues, take this apparently retrograde step.
However, there are also larger issues at stake in terms of the transatlantic relationship. The close attention paid by public authorities, companies and citizens to the delayed Privacy Shield decision, has revealed the importance of this relationship to the data economy. Organisations have lined up to underline the importance of a working relationship and agreement on data transfers between the two regions.
These signs of further divergence can only unsettle these negotiations and may bode ill for the chances of a workable consensus being reached between the two parties. Already, the European Data Protection Supervisor has asked for clarification on the respective roles of the two US authorities now responsible for data protection. Meanwhile a number of Parliamentarians have aired their concerns that the US changes will disturb the Privacy Shield developments and even represent a double standard from the side of the Americans.
These complaints are not without merit. The US has long held that its data protection rules meet the EU's privacy requirements and adequately protect EU citizens' data. Its sudden change of stance domestically can only lead to further doubts and questions from the side of the Europeans. While the global data economy needs the two regions to work together and show leadership on these issues, instead we are seeing them drift apart.