Privacy in Paris (France and Texas Editions)

Have you ever tried to add a German as a Facebook friend? If so, you will know that this is a very difficult procedure. If you haven’t: This is a very difficult procedure because Germans, by and large, do not use their real full names on Facebook. “It is a matter,” they will tell you later, once you’ve asked why they’re hiding, “of privacy.”

And such a moment will remind you of so much that divides our friends across the Atlantic. In this case, it’s a flipped sense of where we each see threats to privacy.

On their continent, the German Facebook Friend Challenge reflects the continental framing that privacy is a concern of the commercial realm. As Federal Trade Commissioner Julie Brill explained to New America’s Peter Singer and Christian Science Monitor’s Sara Sorcher in the latest episode of the Cybersecurity Podcast (listen for the privacy talk and get a chat with former NSA director Michael Hayden as a bonus), “Europeans view privacy as a fundamental right.”

Well, so do we Americans. But, here it’s mainly a fear of government misuse of our data. When it comes to companies, Americans distinguish between sensitive and other data (the former is protected; the latter, allowed to flow freely), whereas, to Europeans, privacy from companies is a fundamental right, too. “The meme that runs around Europe,” Brill said, “is that we’re the wild west of privacy.” And while that actually isn’t true, our framework, with its distinction between types of data, understanding of commercial privacy as a consumer, not citizen, issue, and even the separate roles of federal and various state governments, is different from Europe’s, and “difficult to explain in a soundbite.”

Can’t we all just get along?

In fact, sort of. Both understandings of privacy are meant to be addressed through “Privacy Shield,” the new agreement governing the transatlantic flow of data between the United States and European Union. It is the replacement of the previous “Safe Harbor” agreement, struck down by the European Court of Justice this past October—although, as Brill noted, Europeans had long expressed interest in a new data transfer mechanism, one adequate and sufficient to uphold European privacy values.

Privacy Shield is supposed to do that, and could push Americans to put more robust principles in place. Many Americans might be loathe to admit that we need to learn from or listen to Europeans, but the reality is that, even if Americans don’t see consumer privacy as a fundamental right, 89 percent of American consumers will stop visiting a website if they feel that that website isn’t dealing with data responsibly (this, according to a study cited by Sorcher). A mechanism that makes data transfer more secure benefits Americans as much as it does those on the other end of the Atlantic, particularly as the Internet of Things further complicates privacy policies and data security. Per Brill, “Consumers have some responsibility [in privacy safety and data security], but much, much more needs to be taken on by industry.” Even in America.

And, as with data after the implementation of the agreement, privacy improvements flow both ways: In America, it was the states, not the federal government, that required companies to notify consumers of data breaches. This is part of the patchwork solution to privacy that seems so strange in and to Europe—but Europe recently “adopted this notion of data breach notification” based on the legislation passed at the American state level. “That,” said Brill, “is how significant that work has been.”

The short version is that both Americans and Europeans could strengthen their (our) privacy frameworks. And that Privacy Shield is one mechanism by which we can do just that. Companies that sign on will have to closely examine data practices, and measures against failure to comply will be enforced. It is Brill’s belief that, as more companies sign up, more will understand that they themselves can protect their consumers’ privacy. “This could,” she said, “be the beginning of a recognition that we too in America can have broad-based laws.”

And perhaps that Germans, too, can use their last names on Facebook.