Last month, the European Commission proposed a new directive to enhance Internet privacy rights by regulating the access, collection, and use of personal data online. The proposed regulation would require Internet-based companies to obtain consumers’ express consent before using their personal data, and would also require those companies to delete user data upon request. The new directive would protect information ranging from e-mail and IP addresses to bank records and posts on social networking sites.
Notably, the proposed directive will not exempt American-based companies doing business in the European Union. Rather, the new regulation would require companies that offer services to EU citizens to provide the same protections for personal data handled outside the EU. This could be a potential blow – or at least an administrative hurdle – for global companies like Facebook, which has already been subject to multiple lawsuits involving users’ privacy rights in the United States.
While U.S. legislators may eventually follow the EU’s lead and enact statutes to broaden the right to online privacy, the United States has historically lagged behind Europe when it comes to privacy protection. In fact, the EU Charter of Fundamental Rights expressly guarantees the right to “protection of personal data.” Still, if the new EU regulation passes parliament this year, American Internet giants like Amazon and Facebook may have to revise their privacy policies for European Union consumers. This should at least prompt Congress to consider whether American Internet users deserve the same protections.