Vanderbilt Law Review

First Page



Internet users in the United States and the European Union ("EU") often debate the state of international data privacy, while scholars and companies also present questions to the Internet community regarding the regulation of data privacy and the amount of regulation required in the U.S. Inquiries range from how to determine the necessary degree of regulation and how to implement regulations to how to enforce any regulations that the U.S. lawmakers may pass. Historically, the EU and the U.S. approach data privacy regulations in diametrically opposed ways. While the EU relies primarily on legislation and heavy regulation, the U.S. has adopted a market- based, self-regulatory approach to data privacy. The EU further distinguishes itself from the U.S. by implementing an approach that guarantees its citizens protection of their "fundamental rights." Such protection allows for strict governmental control of information flow. The U.S., on the other hand, does not recognize data privacy as a fundamental right, employing instead a less prophylactic approach than that taken by the EU.

Despite these ideological differences, the EU codified its "fundamental right" principle in 1998 when it enacted Directive 95/46 (the "Directive"). With the Directive, the EU created a broad, overarching piece of legislation that gives significant power to the individual with regard to use of her personal information. First, it purports to create uniformity in EU data practices by requiring companies to inform consumers of what they plan to do with the personal information which they collect from their websites. Second, in so doing, the Directive requires the respective companies to secure affirmative consent from consumers to collect, use, and disseminate the U.S. utilizes self-regulation and that consumers do not have privacy rights in the sense that Europeans define privacy.

Included in

Privacy Law Commons