What can we learn from Europe about online privacy?
A woman looks for a job on the Pole Emploi website on July 28, 2011 in the northern city of Bailleul, France.
If you want to look at this issue in an extremely simple way, you might say that Europe is a lot more fond of regulation than the United States is.
Paul Schwartz is a law professor at the University of California, Berkeley, and a director of the Berkeley Center for Law & Technology. He tells us, "In Europe, there is a comprehensive privacy law in each nation which requires that online privacy be protected. In the U.S., we regulate sector by sector, and there are notable gaps in protection. We have statutory protection for things like health care privacy, video privacy, credit card records. But there is no one law that protects online privacy. The exception for that is there is a Children's Online Privacy Protection Act, but that only protects those who are 13 years or younger."
Could a European model pass in the United States? Make it through the House and the Senate and past the president's desk with a signature? Technically, it's possible. There's certainly been a lot of talk about such a measure in the past. But up until now, it's mostly been talk. You would have to get all of Washington lining up behind it as well as compliance from big tech companies and Internet service providers.
That's a tall order on its own. But it seems even steeper when you take into account the cultural differences between the United States and Europe. Bill McGeveran is a professor at University of Minnesota's Law School and says, "There's really no question that it's a completely different understanding of the private self. Europeans see privacy as part of a bundle of fundamental human rights and they regulate it the same way they regulate lots of other things, with centralized structures that would look bureaucratic to an American point of view. In the U.S., we think privacy is important, but we see it more as something to be dealt with as one of a bunch of market forces. We don't want what we see as heavy handed regulation."
"I think that what you often see in the response in Congress or in regulatory agencies in the US is targeted solutions aimed at particular narrow problems. And those can be effective. So, there's some concern now about location privacy. (Sen.) Al Franken introduced a bill about location privacy. There's some concern about online behavioral advertising and tracking -- you see a couple of bills on that. The European approach instead is to have global data protection rules that cover all industries online and offline in a uniform way and I don't think you're going to see that in the U.S."
So Congress will talk about what Europe's doing but don't expect to see anything imported over here any time soon.
Also in this program, a new vocabulary word: typosquatting. That's where someone grabs a domain name similar to a more popular name already in use and waits for the emails to come pouring in. Two security researchers set up 30 such domains as an experiment and harvested 120,000 emails in six months, some with extremely sensitive materials. Whoops. Type carefully.