This article analyzes the past twenty years of data privacy disputes between the European Union and the United States, beginning with Safe Harbor in the late 1990s and concluding with the Schrems judgment in 2015. We argue that the recurring transatlantic disputes and the difficulty in reaching a stable political compromise can be explained by fundamental differences in privacy law between the two jurisdictions. The comparison with EU law brings out four important characteristics of U.S. law: constitutional law has relatively little to say in the policy area of data privacy; the substantive limits in statutory law on data collection, use and transfer (what roughly speaking falls under the rubric of European “proportionality”) are not particularly robust; regulation of the private sector is piecemeal; and the law establishes a two-track system of privacy guarantees for U.S. and non-U.S. persons, with significantly fewer protections for non-U.S. persons. In canvassing the latest episode of transatlantic conflict, which began with the Snowden revelations of NSA spying, the article also considers the involvement of European intelligence agencies and the question of whether their practices violated the letter of European privacy law as set down by the European Court of Human Rights.
GW Paper Series
GWU Law School Public Law Research Paper No. 2015-52; GWU Legal Studies Research Paper No. 2015-52
Bignami, Francesca, Transatlantic Privacy Regulation: Conflict and Cooperation (2015). Law and Contemporary Problems, Vol. 78 (Fall 2015); GWU Law School Public Law Research Paper No. 2015-52; GWU Legal Studies Research Paper No. 2015-52. Available at SSRN: http://ssrn.com/abstract=2705601