Today's technologies allow information to be collected, compiled, analyzed, and delivered around the world more quickly and inexpensively than ever before. Information once difficult, time-consuming, and expensive to obtain and compile is often available with a few clicks of a mouse. Consumers cruise the 'Net seeking all kinds of information. Companies, too, benefit, creating new markets as the 'Net allows them to reach potential customers easily and cheaply. Increased access to information about customers can reduce marketing and inventory costs, making consumer information a hot commodity.
The Information Age's greatest promise is also its greatest threat. Enormous amounts of information are collected about individuals. Banks and credit card companies maintain information on payment histories and buying patterns. Supermarkets and other retail stores track consumer purchases using checkout scanners. As individuals peruse various sites on the Internet, mouse clicks can be tracked -- so-called "mouse-droppings" -- providing profiles not only of what people buy, but also of what they read, their health concerns, and perhaps their political and sexual preferences. Thus, information technologies increase the risks to privacy geometrically.
The fact that so much information is now used on a global basis further complicates the primary issues. Multinational companies may ship all their personnel data to one location for recordkeeping, benefits, and payroll purposes; credit card companies may do the same with bankcard information for billing purposes. Credit and insurance markets increasingly operate on a global basis and may require the transfer of information about individuals across borders to evaluate their creditworthiness or insurance risks. And, the inherently global nature of the Internet further complicates the matter.
Many nations share concerns about the impact of the expansion of electronic networks on information privacy. The United States and the European Union (EU) are both addressing these concerns, but in markedly different ways that may lead to disruptions in trade.
Same goal, different means
While the U.S. and the E.U. generally agree on the underlying principles that individuals should have the opportunity to control their personal information, they employ very different means to achieve this goal.
The EU's approach grows out of Europe's history and legal traditions -- protection of information privacy is viewed as a fundamental right. The emphasis given to information privacy in Europe arises at least in part from intrusions into information privacy that were at the root of some of the abuses of World War II.
The EU began examining the impact of technology on society over a decade ago; the inquiry culminated in the adoption of a directive in July 1995 specifically addressing information privacy issues in all 15 member countries. (The directive is formally titled Council Directive on the Protection of Individuals With Regard to the Processing of Personal Data and On the Free Movement of Such Data.) By October 1998 each member state must bring into force laws, regulations, and administrative provisions to comply.
A quick review of the directive's basic terms makes clear that, consistent with European tradition, the directive takes a highly regulatory, overarching, and inclusive approach to privacy issues.
The directive's scope is extraordinarily broad. It has two basic objectives:
1. To protect individuals with respect to the "processing" of personal information (defined as information relating to an identified or identifiable natural person).
2. To ensure the free movement of personal information within the EU through the coordination of national laws (Article 1). It applies to all processing of data, manual as well as automatic, and all organizations holding personal data; it excludes from its reach only data used "in the course of purely personal or household activity" (Article 3). …