How big is the divide between the United States and Europe when we talk about data protection and cybersecurity? And what is at the basis of the current differences between the two regional players? Is it just Snowden and the NSA, or is it a deeper issue?
I had the privilege to contribute to the European perspective among a large group of experts attending an interesting exchange about this in Washington DC. What was supposed to be a conference on cybersecurity policy and regulation became an exchange on privacy and data.
It is difficult for the EU and the US to work together in the field of online and data security as long as we have those other open quarrels on privacy protection and the rules applicable to transatlantic transfer of data.
I was a bit surprised to realize that the whole data protection regulatory approach in the EU is observed with a mix of admiration and respect by US experts. And -interesting enough-, it is our model which is in the way of becoming a world standard among democracies.
Boit systems are clearly different: we have a structured piece of legislation on privacy in Europe (currently in full revision), with clear definitions of privacy related data, and clear rules about the rights and obligations related to the use of those data; all with clear authorities responsible of enforcing those measures.
In the US, the legal protection of online privacy results of a diversity of legal instruments, enforced by different agencies and authorities. This is combined with the importance given to self regulation by companies.
But is the demand for online privacy by citizens that different in Europe and the US? No, as a matter of fact it isn’t. Americans do want their privacy protected as well.
What is radically distinct among “us” and among “them” can be reduced to a word: trust.
[Tweet “Europeans do not trust their government’s management of data and will not give them a blank check”]
The Stasi, Ceaucescu, and many other personal experiences of authoritarian invasion of private life have taken their toll in the public perception of the risks of abuse of personal data. The US public does not have that memory. It is not a perceived risk. Definitely not in the mainstream public opinion.
And what about private companies? What part of Europeans’ mistrust against Facebook or Google is addressed to those two companies and their privacy policies, or is addressed to their potential collaboration with the US Government? Difficult to say.
But what appears to be clear is that a huge amount of Europeans request from their public authorities, including their European legislators and the European Commission, to assume an active role in protecting them from this external potential intrusion.
An intrusion which, in the public perception, comes from the United States: in part from its Government, in part from its huge corporations which control the largest part of our online digital life.
If this is true, then the current transatlantic difficulties regarding online privacy require a social approach, must deal with this citizen’s mistrust, and are not just a matter of technical negotiation between experts or burocrats on both sides of the Pond.
The matter will only be solved if this public trust is reinforced. US companies have a lot to lose if the transatlantic flow of private data is halted; if the “safe harbour” scheme -which currently regulates in which cases private data originated in Europe can be transferred to and filed in the US- is interrupted.
But we know well that this scheme is not working, and the threat to annul it is real (and it may be the Court of Justice who annuls it in the fist place). The Commission -under huge pressure from the parliament- is negotiating this with the US.
But this is not just a legalistic issue to be solved like a trade negotiation of battery standards. This is a problem with deep social roots. The sooner American decision makers -in Congress, in Government-, understand this; the more possible it will be to rebuild the indispensable trust on the part of Europeans.
And only with that trust in place we will be able to work together, US and EU, in the search of common answers to the essential common threats to our online and digital security.