Who has better online privacy? The U.S. or EU?
A street in Brussels, outside the European Parliament.
There's a lot of debate over whether United States or European Union online privacy protections are better. They certainly take different approaches.
To that point, we have the tale of two online privacy activists: Parker Higgins in San Francisco, and Xander Bouwman from the Netherlands. Higgins is 26. Bouwman is 21.
Higgins works for the Electronic Frontier Foundation. Bouwman is an information sciences student and volunteer activist.
In theory, the EU has it better: Privacy law across the Atlantic actually guarantees protection of personal data, and new digital privacy legislation being considered by the European Parliament would strengthen those guarantees.
How does that affect the average person? If Bouwman did a Google search, Google would have to tell him before it shared his tracking information outside the EU.
Bouwman likes that: "I would want to know if Google is behind a page, and using analytics to make a profile of me," he says.
The differences continue. When Bouwman logs onto Facebook, he has the right to access all the data Facebook has on him. That is something Higgins doesn't have.
Europe isn't perfect. It would be almost impossible for Bouwman to get all of his Facebook data, because enforcement in Europe hasn't been strong. It's left up to privacy regulators who don't have much power.
As Higgins contends: "The laws are important here, and it's great that this is happening in Europe. And I'm jealous of it in the U.S. But at the same time, if it's about enforcement, you know, these companies can collect sort of whatever they want."
"Yeah, Parker I can only agree with you here, " says Bouwman.
The lawyer's point of view
Now, Higgins and Bouwman aren't lawyers. So I'm going to bring a law professor into the conversation.
David Sorkin teaches information technology and privacy and consumer law at the John Marshall Law School in Chicago.
He says in the U.S., we enforce our digital privacy rights, albeit privately.
"That is, the right to sue," he explains. "And sometimes, that would have to be in the form of a class action. Whereas in the EU it's mostly data protection commissioners, regulators, who impose the rules and enforce them."
The data protection legislation the EU Parliament is considering would give privacy regulators a lot more enforcement power.
U.S. tech lobbyists and government officials say the EU legislation is too rigid, and the U.S. system is more nimble with its many different privacy laws, covering everything from health data to video rental records.
"There's a huge gulf across the Atlantic which is taking many years to resolve and I think is many years off yet," says Simon Davies, founder of Privacy International.
But our 20-somethings don't want to wait that long. So Bouwman says his generation is taking things into their own hands.
"I held a CryptoParty in Amsterdam a few months ago," he says. (A CryptoParty is a chance for privacy nerds to get together and swap tips for evading online profiling and tracking.) "It might sound really wild because it's called a party but usually we host these at public libraries."
Higgins says it's not just a European thing. He holds CryptoParties, too.
Higgins and Bouwman say, if they CryptoParty hard enough, they can stitch together their own privacy blanket. They hope eventually, pokey lawmakers and government officials will catch up.