HF – You argue in a forthcoming report that the European Union does not understand how well the U.S. protects privacy. Why is this so?

CK – We think that there are a lot of misperceptions in Europe about the U.S. We don’t have the kind of single comprehensive law that Europeans are familiar with. We have a complex body of laws at the state and federal level covering various sectors, and we have what amounts to common law with the FTC enforcing privacy standards on a case-by-case under a very broad mandate. An increasing number of agencies are getting involved, and states have their own laws too. In the Privacy Bridges program, an effort by regulators and academics on both sides of the Atlantic to come up with pragmatic ways to bridge the gap, the first thing everyone had to do was to come up with a 1-2 page paper describing the other continent’s privacy laws. Even those highly informed experts in the field had massive and divergent misunderstandings and misconceptions. If it’s hard for experts, it’s exceptionally hard for most people. The report is an effort to walk people through the elements of the American system for commercial privacy and surveillance and to show how that compares with the European system.

AD

AD

HF – If you were to think about a possible solution to this dispute, what would the main features of the solution be?

CK – Dealing with the political reality, we have to see what steps are doable in the near term. I think that in the long term there is a lot more that can be done about interoperability of the two systems, but we need to rebuild trust first. That has been a real casualty of the Snowden stories.

HF – If an agreement isn’t reached, what are the likely consequences for the United States and U.S. businesses that rely on Safe Harbor?

CK – I think it’s a recipe for chaos, because you’ll have 44 different data protection authorities trying to resolve issues about other transfer mechanisms. That creates a lot of uncertainty, and undoubtedly there will be adverse decisions that will play out in proceedings in front of data protection authorities, proceedings in front of national courts, and eventually European courts over a period of time. It won’t be great.

AD

AD

HF – And if an agreement isn’t reached, what are the consequences for the European Union?

