U.S. privacy model to prevail globally

Computerworld - Europe must take credit for galvanizing world attention on data protection, but it'll be the U.S. model of privacy that nations choose in the coming years. Why? Because markets, not governments, will determine how people balance privacy and convenience. American markets will move faster than EU bureaucrats to enable people around the world to control their personal information. In the process, the former Colonies will reshape the terms of debate for the central controversy of the Information Age.
Europe was the world's privacy pioneer; hats off to her. In 1980, the European Community forged the Organisation for Economic Co-operation and Development's agreement on the first international guidelines for data protection. In 1995, the EU passed the Data Protection Directive, the first comprehensive legislation on the subject. Through these achievements, Europe led the world in recognizing privacy as an intrinsic right necessary for human dignity and freedom. Europe's leadership, however, is faltering.
In typical EU form, all its member states have yet to implement the directive, and its major companies appear to be waiting in the wings. Just 48% of European members of the Global 100 post their privacy policies online, while 97% of their I.s. counterparts do. Less than half of U.K. Web sites comply with Britain's data-protection law. Meanwhile, European bureaucrats can't agree on details such as privacy standards for computer cookies.
Most important, what Europe is proposing is simply too big a pill for the world to swallow. In Europe, privacy is an inalienable right. In practice, this means privacy must be enforced across every corner of society, online and off-line. Since the EU citizen exists wherever his personal data does, his rights must be defended around the world -- to the point of jailing executives and disrupting commerce. Countries wanting to follow Europe, then, must dramatically expand their legal definition of "person" and be prepared to become a less desirable place for foreign investment. As a result, Europe will find it difficult to force or persuade more countries to join its expensive privacy club.
Enter the U.S. Derided by Europe as an "inadequate" destination for personal data, the U.S. has made more progress on privacy than its Euro-critics have. By focusing on key industries -- financial services and health care -- our lawmakers have created more detailed and enforceable privacy protections for the most sensitive information. In the Children's Online Privacy Protection Act, we have the world's most stringent protection for children online. High-profile lawsuits here have spurred widespread corporate action in the areas of cookies, data sharing and data security. U.S. privacy policies disclose more detail than their European counterparts. The Direct Marketing Association's opt-out programs are models of industry self-regulation. American firms lead the world in developing privacy technologies such as Platform for Privacy Preferences Project. All this without a comprehensive national privacy law.
Governments will ultimately favor the U.S. approach because it's simple and flexible, and this will reshape the terms of debate. The American market says you need to do three things right: informed consent, data access and data security. You can vary the details by industry, and you should focus efforts on the online world, which harbors the greatest threats to privacy. Africa, Asia and the former Soviet Union will gravitate toward the U.S. scheme as the least disruptive way to show progress on a concept that's new to their cultures. Canada, Australia and Latin America, whose privacy laws look European, will primarily enforce the three U.S. principles. Ontario will be Europe's only ally.
History will tip its hat to Madame Europa as the visionary that saw an information economy where people were treated with dignity and respect. And it will adore Lady Liberty, whose torch lit the way.
Cline manages data privacy at Carlson Companies Inc., a Minneapolis-based group of businesses in the travel, hospitality and marketing industries. Contact him at privacy@computerworld.com.