The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 Harv. L. Rev. 1966 (2013)
Internet scholarship in the United States generally concentrates on how decisions made in this country about copyright law, network neutrality, and other policy areas shape cyberspace." In one important aspect of the evolving Internet, however, a comparative focus is indispensable. Legal forces outside the United States have significantly shaped the governance of information privacy, a highly important aspect of cyberspace, and one involving central issues of civil liberties. The EU has played a major role in international decisions involving information privacy, a role that has been bolstered by the authority of EU member states to block data transfers to third party nations, including the United States. The European Commission's release in late January 2012 of its proposed "General Data Protection Regulation" (the Proposed Regulation) provides a perfect juncture to assess the ongoing EU-U.S. privacy collision. An intense debate is now occurring about critical areas of information policy, including the rules for lawfulness of personal processing, the "right to be forgotten," and the conditions for data flows between the EU and the United States. This Article begins by tracing the rise of the current EU-U.S. privacy status quo. The European Commission's 1995 Data Protection Directive (the Directive) staked out a number of bold positions, including a limit on international data transfers to countries that lacked "adequate" legal protections for personal information. The impact of the Directive has been considerable. The Directive has shaped the form of numerous laws, inside and outside of the EU, and contributed to the creation of a substantive EU model of data protection, which has also been highly influential.