Disputes highlighting the tension between American and EU laws regarding privacy and Personal Information Protection are on the rise.
This is largely due to rapid changes in technology over recent decades that allow businesses and governments to aggregate and store massive quantities of data that can reveal personal information. In the commercial context, businesses use big data and metadata, to increase market efficiency and lower barriers to trade. In the national security context, governments rely on metadata to conduct criminal investigations and combat grave threats to society, such as those posed by terrorism and transnational crimes. At the same time, the proliferation of data collection jeopardizes important privacy rights.
On April 2014, in Digital Rights Ireland, the European Court of Justice(ECJ) struck down the Data Retention Directive, an EU legislative act that allowed telecommunications service providers to retain metadata from every EU citizen's emails, text messages, and telephone calls for up to two years, finding that it failed to meet the proportionality requirement under EU law. Similarly, on October 2015, in Maximillian Schrems v. Data Protection Commissioner, the ECJ struck down safe harbor agreements between the US and EU, finding that the US Government's ability to require third-party ISPs to turn over metadata of EU citizens to the US Government without “adequate protection” violated rights protected by the EU Data Protection Directive. These decisions were the result of European courts balancing domestic privacy rights against global security concerns and market interests. As a similar balancing test, in Microsoft Corp. v.
United States, the US Second Circuit decided that it is unlawful for a US magistrate judge to issue a warrant, pursuant to the Stored Communications Act(SCA), a domestic statute, to attain data exclusively stored abroad, and that it constitutes an unlawful extraterritorial application of the statute.
The priorities of EU member nations stand in stark contrast to those of the US. The EU takes a much stronger stance on privacy and data protection and restricts how companies transfer data to non-EU nations. In the EU's Data Protection Directive(“Directive”), the right to privacy is described as a “fundamental right and freedom.” This sentiment is echoed in other landmark EU documents such as the Convention for the Protection of Human Rights and Fundamental Freedoms.
Despite the very different treatment of the right to privacy in the US and EU, individuals live in an era of lightning-quick information transfers and an interconnected global economy in which the sharing of private data across borders is essential. Therefore, the standards for personal information protection establish legal remedies for infringement of rights for data subject and contribute to the development of law on personal information protection by emphasizing procedural justice, while dealing with the collection, processing, and exchange of information and developing practical legal principles such as object limitation.