Digital protection in a digital age.

Photo Source: Recent developments in European Consumer Law

Data protection is becoming more important as people are finding more ways to steal financial data, hack into webcams on computers, and even stealing images and use them for porn sites as discussed in Peter LaGreca’s article. The EU is responding to this by trying to pass legislation that would force global technology companies to obey European data protection standards, regardless of where the service comes.

Only last year the European Commission, the EU’s executive arm, proposed to set common data protection and privacy rules across the entire union. This new proposal intends to set even higher protection standards with violators risking a fine of up to 2 per cent of their global annual revenues.

U.S. companies, such as Google and Facebook, have been lobbying the European Parliament to grant them an exemption to the legislation. Erika Mann, Facebook’s head of EU policy said, [w]e are concerned that some aspects of the report do not support a flourishing European digital single market.” Eduardo Ustaran, the London-based head of the privacy and information group at law firm Field Fisher Waterhouse, said, “[w]hat was already a very complex piece of draft legislation has become by far the strictest, most wide-ranging and potentially most difficult to navigate data protection law ever to be proposed.”

However, the EU is unconvinced by these arguments. Viviane Reding, EU commissioner for justice, said, “[e]xempting non-EU companies from our data protection regulation is not on the table… [d]ata protection is a fundamental right in Europe…”

Peter Olson, a member of the Industry Coalition for Data Protection, points out that the negotiations between U.S. companies and the European legislator should be focused on creating “fair, balanced but yet progressive legislation” and that the proposal “should not be obstructed by politics or attempts to antagonize regions of the world and pit corporations against one another, as this would be a sure path to regulatory failure and economic contraction.”

After seeing the various opinions on the proposal, what is your opinion on the appropriate amount of protection for personal data? At what point do the protection policies become so extensive as to constrict the growth of business? What is the minimum amount of protection that should be guaranteed so as to allow consumers to have confidence in their use of the Internet? Should these data policies be enforceable regardless of the location of the business or should it be up to the country in which the business is located to provide for the protection of users?

Sources: Financial Times: Brussels fights US data privacy push Financial Times: Draft data privacy plan stokes concern



  1. Mr. Tortora raises many interesting questions regarding the balance between the level of protection for consumers and the desire to allow internet commerce to continue to flourish. While the European Union has the right to pass whatever legitimate regulations it likes, this particular issue has many significant consequences for the United States. As globalization continues, we can expect to see more and more demand for compromise from other nations that will increasingly be affected by regulatory government action from powerful commercial associations. The particular question asked by Mr. Tortora that I will address is what is the minimum amount of protection that should be guaranteed so as to allow consumers to have confidence in their use of the Internet? For that answer I refer to the Consumer Privacy Bill of Rights released by the Obama Administration in February of 2012. ( This Consumer Bill Rights is part of a blue print to ensure consumer protection but still keep the internet as an engine of commerce and innovation. ( These rights calls for transparency, respect for context, security, access and accuracy, focused collection and accountability. (Id.). The Consumer Privacy Bill of Rights is only one of four key elements in the plan the Administration has to increase consumer protection over the internet but I believe that it is sufficient to fulfill the minimum requirement of protection for consumers to continue to have faith in the internet. (Id.). As this bill develops we will be able to see the over sight and consequences of violating these rights.

    A proposed solution I believe to the problems facing American Internet Companies that operate in the European Union would be for the European Union to agree that if a certain American bill is passed, for example the Consumer Privacy Bill of Rights, they will agree that that is sufficient to meet the standard that they have with their own rules and so will grant an exemption as long as there is over sight by the United States. Mr. Tortora mentioned that exemptions are not an option but this would not be a full exemption, it would be a replacement of law where the objectives of the EU in terms of consumer protection are still met.

  2. Today, it seems that everyone supports or either appreciates the growth of technology and what it has given us, but as Zack mentioned, there are some pitfalls that come with this growth. So many people have had their reputations and lives destroyed because hackers have stolen and misused their private information. I am glad that the EU is attempting to prevent further injustice through legislation that would be enforced on all companies operating within the countries that are a part of the EU. If the EU did not enforce this data protection legislation globally, companies could find loop-holes to get around these protection issues. Obviously companies are against it because they do not want to comply with these standards that would cost them money. I understand where these companies are coming from when they argue that such legislation could hinder the growth of data exchange or technology or ideas or whatever throughout Europe. The benefits of the Internet and technology do help further our society’s growth and development but unfortunately it is being abused and it needs to be stopped. I believe making these companies establish better security standards is a small price to pay in order to protect their users.

  3. It is no surprise that Google and Facebook would be against a law that protects the privacy of internet users, considering both companies make their money by selling user data to other companies. Both sites have the ability to track your browsing history across certain websites if you are logged into their services. For example, if you see your Facebook information on a non-Facebook website, such as websites that contain Facebook “like” buttons, Facebook knows that you have visited that site, even if you do not click anything. If this worries you, there are extensions for most browsers that block this kind of tracking.
    Is this a violation of privacy? Both companies claim that when they sell user data, they do so anonymously, but the amount of data collected by everyday internet use is astronomical. This data is extremely valuable to advertisers, who are constantly looking at metrics and demographics to improve their effectiveness. Like Ms. Campbell said, big money is at play here.

  4. I don’t think that the European Union should exempt non-EU companies such as Facebook and Google from their data protection legislation. If this legislation is truly intended to protect Europeans’ information then large companies such as Google and Facebook that have access to large amounts of personal data, should be regulated by these laws.

    I appreciate the EU’s stance as being unconvinced by Facebook and Google’s arguments and I think that it is important to hold global technology companies accountable by forcing them to obey European data protection standards, regardless of where the service comes from. As Commissioner Reding said, “[d]ata protection is a fundamental right in Europe.”

    However, if businesses will truly be hurt by this legislation, perhaps the European Union should consider altering the legislation so it will not have a deleterious effect on businesses.

    We can all agree that the Internet and information technology have had a positive impact on nations’ economies, so for that reason, the interests of the information technology industry should also be taken into account in drafting this legislation.

  5. Just last week, over 1 billion users had their Facebook accounts hacked. Not surprisingly, Zuckerberg didn’t use the word “hack” when he described the breach to the press; “The word ‘hacker’ has an unfairly negative connotation from being portrayed in the media as people who break into computers. In reality, hacking just means building something quickly or testing the boundaries of what can be done.”
    The intruders didn’t steal any personal information but I believe that Zuckerberg’s characterization of the incident wouldn’t have been so blasé if he had over 1 billion subscribers complaining about a privacy breach. Nevertheless, we may see a different outcome after the next intrusion. And that next time will come. In late January, the New York Times and the Wall Street Journal were infiltrated by China-based hackers. Hacking is everywhere. Some of our largest companies are being defeated by these computer geeks and I think we may need to impose extensive protection policies, even if that means constricting the growth of our businesses, at least for the time being. If these companies can’t protect themselves and their subscribers, their credibility and sustainability will be at stake. Growth, at that point, won’t be an option because survival will be the priority.

Leave a Reply

Your email address will not be published. Required fields are marked *