Privacy has basically been the buzzword of the last two months. In the wake of the Facebook/Cambridge Analytica scandal — and with Europe’s new data protection regulations kicking in soon — it’s been used a lot, and understandably so. Companies just can’t seem to get user privacy right, and the users themselves seem to be constantly vacillating between either a state of total apathy or absolute rage as their data floats around the internet like a bag of chips at a house party. In times like these, it seems pedantic as hell to quibble over words and definitions, but perhaps we should be.

In an interview with The Outline back in March, Parsons School of Design professor David Carroll casually mentioned the startlingly large difference between how Americans and Europeans view privacy. It was the sort of comment that was easy to forget amidst all of the Cambridge Analytica fueled craziness, but now, nearly two months later, it only grows more profound. Allow him to explain:

“Europeans have a different cultural idea, I believe, about what privacy means and signifies,” Carroll said in a phone interview. “They strongly associate privacy with dignity. When you ask Americans what privacy means they would say things like, the ability to keep a secret, which is actually a very unsophisticated understanding of what it really is. Europeans tend not to even use the word privacy; they understand it as a fairly meaningless term, especially from a legal perspective. And that’s why they prefer the term data protection.”

The term “privacy” carries the distinct connotation of privilege. It’s the sort of thing that must be deliberately bestowed upon another. You tell someone, I’ll give you a little privacy, okay?, not You have privacy. It can’t exist without external grace.

Facebook’s definition of privacy is somehow even more vague that the traditional one. The actual word “privacy” was essentially stripped from the company’s privacy policy (which is now called “Data Policy”) in the last update. Now, its definition exists almost solely within a bizarre section called Privacy Basics. Despite what its name may imply, Privacy Basics isn’t really about user privacy from Facebook and its business partners at all. Most of the section is devoted to users’ privacy from each other: post privacy, sharing settings, and account controls. The one part that does touch on privacy in a more holistic sense is the Privacy Principles page, but even that rings a tad hollow. “We give you control of your privacy,” it says. “We want to make sure you know where your privacy controls are and how to adjust them.”

As clunky and boring as a term like “data protection” may sound, it has an undeniably different feel. It immediately implies that data in question is rightfully yours, and thus deserves protection when lent out. The conditional nature of the relationship is built in to the very phrase itself. It places the onus on the other, marking them as the party asking for a concession.

Substitute the phrase in for “privacy” as we see it most often in our day to day lives and the importance of this tonal difference becomes even more clear. Instead of “privacy policies,” we’d have “data protection policies;” Facebook’s “privacy scandal” would become Facebook’s “data protection scandal.” It not only clarifies the responsibilities of the third party holding on to your data, but it intensifies the significance of their protection. It’s not merely a task that companies are “supposed to do,” it’s a legal obligation.

Of course, the term “data protection” didn’t just spring out of the ether; it exists as part of the EU’s General Data Protection Regulation. In a section of the GDPR entitled “Data protection as a fundamental right,” the term’s importance is stressed again and again: “The protection of natural persons in relation to the processing of personal data is a fundamental right… everyone has the right to the protection of personal data concerning him or her.”

“Data protection is a legal concept that not only suggests property rights and civil rights, but also something you can prove and disprove, like you can prove or disprove whether your data was protected or not,” said Carroll when asked about the impact of such a change in terminology. “It’s really hard to define privacy, let alone determine if it was injured. From a legal perspective they’re way ahead of us, and we need to catch up fast.”