Abstract

http://ssrn.com/abstract=2271442
 


 



Reconciling Personal Information in the United States and European Union


Paul M. Schwartz


University of California, Berkeley - School of Law

Daniel J. Solove


George Washington University Law School

September 6, 2013

102 California Law Review (2014 Forthcoming)
UC Berkeley Public Law Research Paper No. 2271442
GWU Legal Studies Research Paper No. 2013-77
GWU Law School Public Law Research Paper No. 2013-77

Abstract:     
U.S. and EU privacy law diverge greatly. At the foundational level, they differ in their underlying philosophy: In the United States, privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions. In the European Union, privacy is hailed as a fundamental right that can trump other interests. Even at the threshold level — determining what information is covered by the regulation — the United States and European Union differ significantly. The existence of personal information — commonly referred to as “personally identifiable information” (PII) — is the trigger for when privacy laws apply. PII is defined quite differently in U.S. and EU privacy law. The U.S. approach involves multiple and inconsistent definitions of PII that are often quite narrow. The EU approach defines PII to encompass all information identifiable to a person, a definition that can be quite broad and vague. This divergence is so basic that it threatens the stability of existing policy mechanisms for permitting international data flows.

In this Essay, we argue that there is a way to bridge these differences regarding PII. We contend that a tiered approach to the concept of PII (which we call “PII 2.0”) represents a superior way of defining PII than the current approaches in the United States and European Union. We also argue that PII 2.0 is consistent with the different underlying philosophies of the U.S. and EU privacy law regimes. Under PII 2.0, all of the Fair Information Practices (FIPs) should apply when data refers to an identified person or where there is a significant risk of the data being identified. Only some of the FIPs should apply when data is merely identifiable, and no FIPs should apply when there is a minimal risk that the data is identifiable. We demonstrate how PII 2.0 advances the goals of both U.S. and EU privacy law and how PII 2.0 is consistent with their different underlying philosophies. PII 2.0 thus advances the process of bridging the current gap between U.S. and EU privacy law.

Number of Pages in PDF File: 36

Keywords: privacy, PII, personal data, personally identifiable information, EU Data Protection Directive, Fair Information Practices, comparative law, European privacy

Accepted Paper Series


Download This Paper

Date posted: May 29, 2013 ; Last revised: September 22, 2013

Suggested Citation

Schwartz, Paul M. and Solove, Daniel J., Reconciling Personal Information in the United States and European Union (September 6, 2013). 102 California Law Review (2014 Forthcoming); UC Berkeley Public Law Research Paper No. 2271442; GWU Legal Studies Research Paper No. 2013-77; GWU Law School Public Law Research Paper No. 2013-77. Available at SSRN: http://ssrn.com/abstract=2271442 or http://dx.doi.org/10.2139/ssrn.2271442

Contact Information

Paul M. Schwartz
University of California, Berkeley - School of Law ( email )
Boalt Hall #7200
Berkeley, CA 94720-7200
United States
Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://www.law.gwu.edu/facweb/dsolove/
Feedback to SSRN


Paper statistics
Abstract Views: 6,923
Downloads: 1,460
Download Rank: 5,967

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo3 in 0.937 seconds