The Privacy Mindset Of The EU Vs. The US
From the Desk of Robert E.G. Beens, co-founder and CEO of Startpage:
Europeans have a long history of privacy invasions. During World War II, the Nazi regime used highly sensitive personal data from local population registers to locate and round up Jews, with horrifying results. Later, in communist East Germany, the reach of the combined secret police and intelligence agency Stasi extended into every aspect of civilian life as surveillance and repression of dissent were perfected. It’s not surprising that against this backdrop, Europe has made — and continues to make — great strides in ensuring the privacy of its people. (https://www.tracesofwar.com/articles/5329/Raid-on-the-Population-Registry-of-Amsterdam.htm)
Today, the differences between the privacy mindset in Europe and the U.S. are obvious in the digital arena. It’s become the norm in the U.S. that online behavior gets tracked and used for a slew of subsequent manipulation. U.S. legislation isn’t even close to providing adequate protection of consumer privacy interests. In internet privacy rankings, 14 of the top 20 countries demonstrating the highest commitment to digital privacy are European (the U.S. placed 18th). There are reasons for that — not the least of which, I believe, are choices made by U.S. big tech and the government. (https://bestvpn.org/privacy-index/)
Let’s explore what puts the U.S. behind Europe in the privacy stakes.
Americans’ expectations for privacy.
Unlike the typical mindset in Europe, many Americans choose to believe that their online behavior being tracked happens in their best interests or is a price to pay for getting free or discounted products. (https://www.pewresearch.org/internet/2016/01/14/privacy-and-information-sharing/) Even after Edward Snowden revealed how vastly expanded the government’s ability to spy on its own citizens was after Congress passed the Patriot Act legislation, still only half of Americans said they disagreed with the government’s actions. (https://www.people-press.org/2013/06/17/public-split-over-impact-of-nsa-leak-but-most-want-snowden-prosecuted/)
It seemed to take multiple high-profile data breaches for privacy to finally have a “moment” that Americans supported. (https://www.ibtimes.com/infographic-most-americans-support-consumer-data-privacy-protection-law-2794205) Europeans are still more likely to take charge of their privacy. Of Startpage’s split of users, who lean more privacy-conscious, Europe represents 56% of a typical day’s private searches overall — with Germany specifically representing 36% — and the U.S. representing 21%.
The U.S. overrules EU privacy standards.
While Europe sets some commendable standards like the General Data Protection Regulation (GDPR), which is used to police the use of personal information by major companies and organizations online, it does little for Americans’ digital privacy rights. (https://gdpr.eu/)
GDPR was adopted on April 14, 2016, and before it became enforceable on May 25, 2018, the U.S. Congress enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act on March 23, 2018. Rather than being compatible with the GDPR, the U.S. CLOUD Act overrules it. (https://www.congress.gov/bill/115th-congress/house-bill/4943)
Federal law requires U.S.-based software companies and IT service providers to ensure that authorities can have access to all stored data, including data stored on foreign servers. Furthermore, it guards U.S. service providers from having to tell customers whether authorities have requested their data. European companies can object to any data transfer, but the chances are it will end up with the U.S. government, which can share the data as it likes.
U.S. big tech has too much influence.
There are big structural differences between the EU and the U.S. In the EU, the center of gravity is Brussels, where many politicians from all EU countries meet in order to work and advance together toward concrete results. (https://europa.eu/european-union/eu-law/decision-making/procedures_en)
The U.S. economic center of gravity is Silicon Valley. When you think about all the personal data that big tech companies can provide to U.S. government intelligence agencies, it’s not surprising that there was a “long history of close cooperation” between them and intelligence agencies’ offices. (https://www.reuters.com/article/us-usa-security-siliconvalley/strong-ties-bind-spy-agencies-and-silicon-valley-idUSBRE96214I20130703)
I believe many big tech companies have an immense economic interest in making sure any online privacy regulations are weak and do not limit their business models too much because knowledge, to them, can also equal power.
One lobbying group that represents internet companies is striving for a federal privacy law that would preempt more state regulations like the California Consumer Privacy Act (CCPA), which actually makes real progress. (https://www.eff.org/deeplinks/2019/09/big-techs-disingenuous-push-federal-privacy-law) Its ideal federal privacy law would undermine the CCPA to essentially let companies return to business as normal and also make it impossible for other states to set the bar even higher.
When I think about macro trends such as America’s competition against China, it’s easy to see how the government could favor weaker federal privacy regulations. After all, restricting the use of consumer data could set U.S. tech companies back significantly against Chinese companies in arenas like artificial intelligence. (https://www.datainnovation.org/2019/08/who-is-winning-the-ai-race-china-the-eu-or-the-united-states/.)
Mass surveillance is too easily normalized.
Another threat is the government’s work with companies (including U.S. big tech) to use technology to collect potentially sensitive health and location information data in the fight against Covid-19. While there are undeniable safety concerns from the global pandemic, the worry from a privacy perspective is that the U.S. government will use people’s fears to normalize mass surveillance. (https://www.bloomberg.com/news/articles/2020-05-21/big-tech-and-government-s-contact-tracing-systems-have-flaws)
In contrast, the government in the Netherlands back in April actually abandoned its initial plan to develop a Covid-19 tracing app and appointed a new team to oversee the project due to privacy concerns over the initial seven designs. (https://www.irishtimes.com/news/world/europe/netherlands-abandons-initial-plan-to-develop-covid-19-tracing-app-1.4236355)
The example of Snowden’s whistleblowing shows that the U.S. hasn’t had the best track record for using its data collection powers all for good or just on a temporary basis. Clearly, the U.S. has a lot of lost ground to be regained when it comes to privacy.
In the meantime, there are ways that Americans can at least try to protect their own digital privacy. I would suggest favoring technology by EU-headquartered companies for better data protection and thinking about how you can go about your daily online activities in a more private way, such as swapping over to private search.