Privacy, known in Europe as “data protection,” looms as a serious trade issue between the United States and Europe. If the establishment of the World Trade Organization (WTO) represents an international statement in favor of global free trade, the European nations’ data protection laws represent a threat to that regime. Currently at issue are countries’ regulations governing financial privacy. Consumers and businesses on both sides of the Atlantic will benefit if the United States maintains a strong stand in trade negotiations to protect the free flow of information across borders and within the United States.
Under a European Union (EU) regime known as the Data Protection Directive, which took effect in 1998, an EU member nation may refuse to allow a U.S. firm operating in Europe to transfer personal data out of the country if privacy protection for the firm’s data in the United States is determined to be inadequate. In July 2000, the U.S. Department of Commerce and European officials negotiated a “safe harbor” agreement describing what steps U.S. firms must take to satisfy the standard of “adequacy.” The safe harbor agreement took effect in November 2000, but it did not apply to financial services companies. Financial services companies, Bush Administration Treasury representatives, and European officials carried out negotiations throughout 2001, with the Bush Administration rejecting Europe’s first proposals.
These negotiations are the latest stage in the evolution of privacy as a trade issue. U.S. lawmakers face pressure to reject the American tradition of the free flow of information and to develop a top-down regulatory regime for the governance of privacy and data. Some of this pressure stems from the differences between the EU countries and the United States: The EU countries have enacted broad data protection rules; the United States has not. Canada also has enacted a data protection regime similar to that in Europe.
The differential presents a classic trade problem. Country X prohibits or heavily regulates certain activity; country Y does not. The activity continues and expands in country Y, while representatives in country X become more frustrated. What should these countries do? Tolerate the regulatory arbitrage? Sanction country X to remove its regulations, or sanction country Y to adopt them? In large part, the answer depends on whether policymakers think that country Y or country X is doing the right thing. The assumption often is made that by passing data protection laws, the European nations are doing the right thing and the United States is not.
On close examination, this assumption is flawed. U.S. rules have favored the free flow of truthful information about real people and real events throughout the economy, with privacy as a carefully crafted exception rather than a default rule, and with protections for sensitive information that affects national security and defense. Only by protecting the free flow of information can consumers and firms around the world reap the full benefits of free trade.