EU Privacy Law

In March 2006, the European Commission passed the European Data Retention Directive. This directive legally requires all Internet and telephone service providers in the EU to retain records of communication data for up to 2 years. While communication service providers are _not_ allowed to retain records of the _content_ of communications, virtually all other data about the communications is required to be collected and stored, to be turned over to the authorities upon request.

The data required to be collected, at each instance of communication, is as follows:

For telephone communications (both mobile and stationary):

• The telephone number, name, and address of registered user(s) of both call or sms initiator and call or sms recipient.
• The date, start time, and end time of the communication.
• Data identifying the type of communication service used (eg. phone call, sms, video message).
• The geographical location of both parties in the entire duration of the communication.
• Data identifying user's communication equipment

For Internet communications (including Internet access, e-mail, and Internet telephony):

• The userID (unique ISP provided ID), telephone number (if dial-up), name and address of registered user of both the internet communication initiator and recipient.
• The date and time of log-in and log-off to Internet access service, IP address, whether dynamic or static, user ID, date and time of the log-in and log-off of e-mail or VoIP service of both parties.
• Data identifying the type of communication service used (eg. site access, Sype, AIM).
• The phone number for dial-up access; the digital subscriber line (DSL) or other end point of the originator of the communication.

U.S. Privacy Law

See full article History of U.S. Privacy Laws

Americans are skeptical of having the government have their information but OK having business handle it [1]. That is, in the US privacy protection is essentially liberty protection, i.e. protection from government [2]. Moreover, American privacy law has never fully embraced privacy within relationships; it typically views information exposed to others as no longer private.[3] This is not that surprising since U.S. Privacy law historically focused on protecting the liberty of each individual citizen from the government.

See also Court Cases on Privacy

Divergence of U.S. and European Privacy Laws

Origins

Warren and Brandeis did not write on a nearly blank slate when they crafted their “right to privacy.” Instead of developing and expanding the robust law of confidentiality that already existed, Warren and Brandeis took American privacy law down a different path. [4]

• Before the Warren and Brandeis article, English and American privacy law were on a similar trajectory, being built out of the same materials and concepts. American judges read English precedent and attempted to situate their rulings within the fabric of the common law. Afterwards, the paths diverged. The path Warren and Brandeis charted for American privacy law was not that of developing the law of confidentiality. [5]
• Instead of creating a law of privacy, however, England developed a law of confidentiality, which was explicitly distinguished from privacy. Ironically, both the American law of privacy and the English law of confidentiality emerged from the same source – the Prince Albert case.[6]

European Privacy Law?

• According to past EU laws precedents, new laws regarding, say, someone posting embarrassing photos of another on Flickr would be illegal, as it is an invasion of privacy and offends one's dignity. It would not, however, offend liberty (and it seems that such liberty arguments are largely moot anyways with the introduction of the Patriot Act, which gives the government incredible access to our private information, and hence our liberty).

Avner Levin and Mary Jo Nicholson's definition of Canadian Privacy Law:

• " ...the right to control access to one’s person and information about one’s self. The right to privacy means that individuals get to decide what and how much information to give up, to whom it is given, and for what uses....A multicultural society does not attempt to impose on its members values, which some elements in it may very well hold dear—such as dignity or liberty—but encourages the development of these values autonomously, within a multicultural framework. Canadians, it seems, perceive their privacy as most importantly protecting this autonomy, and believe that members of society should be free to decide for themselves what is important for them to control" (Levin, Avner and Nicholson, Mary Jo, "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground" . University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357-395, 2005 Available at SSRN: http://ssrn.com/abstract=894079).

Problems with American Privacy Law

• "Americans want their government to let them interact freely with one another and to not intervene." But this is changing: "As e-mails, modems, and PCs break down the boundaries between work and home, there are progressively fewer private or public spaces for citizens to express themselves autonomously. The Internet has blurred the distinction between the home and the office, as Americans are spending more time at the office and are using company-owned computers and Internet servers to do their work from home. But as technology poses new challenges to geographic concepts of privacy, courts have not been encouraged to think creatively about how to reconstruct zones of individual privacy and free expression." (Levin, Avner and Nicholson, Mary Jo, "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground" . University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357-395, 2005 Available at SSRN: http://ssrn.com/abstract=894079)

• More broadly, since American privacy law often remains focused around individualistic conceptions of privacy, it has not fully embraced protecting confidentiality in relationships. In many other contexts, such as trade secrets and business confidences, American law readily provides remedies against unwarranted breaches of trust. But in the domain of privacy, American law has not progressed nearly as far as English law in recognizing and protecting trust in relationships. An increased recognition of a confidentiality-based conception of privacy might also have significant implications in other areas of American privacy law that developed under the influence of Warren and Brandeis. [7] (Richards, Neil M. and Solove, Daniel J., "Privacy's Other Path: Recovering the Law of Confidentiality" . Georgetown Law Journal, 2007 Available at SSRN: http://ssrn.com/abstract=969495)