Past Releases and Reports
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
Direct an e-mail to Privacilla!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective

Click to return to the Privacy and Business outline

Home > Privacy and Business > International Privacy Law, Directives, and Guidelines > The EU Data Privacy Directive

The EU Data Privacy Directive

Though it is not law in the United States, the European Union's Data Protection Directive is an important document in privacy debates today. Agreed to among European bureaucrats in 1995, the directive requires member countries of the EU to adopt laws that implement its terms.

The Directive creates rights for persons about whom information is collected, known as "data subjects." Entities that collect information must give data subjects notice explaining who is collecting the data, who will ultimately have access to it, and why the data is being collected. Data subjects also have the right to access and correct data about them.

This top-down, bureaucratic model imposes heavy costs and inconveniences on European businesses compared to the American system in which information flows freely and only harmful uses of information are prevented or punished. The Directive is also inconsistent in many respects with free speech.

The Directive creates stricter rules for companies that want to use data in direct marketing, or to transfer the data for other companies for that use. The data subject must be explicitly informed of these plans and given the chance to object. Stricter rules also govern sensitive information relating to racial and ethnic background, political affiliation, religious or philosophical beliefs, trade-union membership, sexual preferences, and health. Before this information may be collected the data subject must give explicit consent. There are exceptions to this rule for employment contracts, non-profits, and the legal system, among other things.

In order not to completely disrupt life in Europe, the Directive is riddled with exceptions. For example, data may be kept for personal and household use like an address book. Synagogues, trade unions, churches, and other non-profits are permitted to keep even "sensitive" information about their members. National governments are permitted to exempt journalists from provisions of the directive, if the government thinks free speech might outweigh privacy interests.

Ironically, because governments are the most voracious collectors, users, and sometime abusers of personal information, governments may exempt themselves from the Directive when it conflicts with their own interests in taxation or law enforcement. Though it is inspired by the bloody use some European governments made of sensitive personal information in the last century, the Data Privacy Directive does not hit that mark. The Directive fails to address privacy coherently because it does not recognize a rather fundamental premise: the vast difference in rights, powers, and incentives between governments and the private sector.

In order for American companies to transfer information about data subjects with European businesses, the EU and the U.S. Commerce Department negotiated an agreement. Called the "safe harbor" agreement, it outlines the conditions under which U.S. companies may receive information about EU data subjects. U.S. companies have have been reluctant to use "safe harbor."


Privacy as a Trade Issue: Guidelines for U.S. Trade Negotiators, by Solveig Singleton, Heritage Foundation (March 18, 2002)

Safe Harbor Web site, U.S. Department of Commerce (includes link to "Safe Harbor List" of companies adhering to safe harbor principles)

Concerns Regarding the EU Data Directive, by Professor Jacob Palme, Stockholm University (November 30, 2000)

EU-US "Safe Harbor" Privacy Arrangement U.S. Department of Commerce (July 21, 2000)

Privacy and Human Rights: Comparing the United States to Europe by Solveig Singleton, Cato Institute (December 1, 1999)

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

Comments? (Subject: EUDirective)

[updated 05/04/02]

©2000-2003 All content subject to the Privacilla Public License.