EU privacy proposals pressure U.S.

Two ongoing policy processes in Europe have produced strikingly different reactions
from American companies engaged in information-intensive activities. One deals with
privacy and the other with databases. Watch carefully as the American information industry
speaks out of both sides of its mouth.


The first development is the European Union's data protection directive. Data
protection is a European term for privacy of personal information. In 1995, the EU adopted
a data protection directive designed to provide a common, high level of privacy among its
members. It becomes effective in 1998.


If personal information regulated in Europe is exported, privacy protections can be
lost. As a result, the directive prohibits the export of personal data to countries that
cannot provide an adequate level of protection. Because the United States lags behind the
Europeans in protecting key personal information, data exports to the United States are
threatened.


American privacy advocates have tried to use these developments to advance a privacy
agenda here. But the business community remains resistant. Many American information
companies are hostile to privacy.


Some industry representatives openly bristle at the notion that American companies
should adopt European ideas. Listen carefully and you can hear an emotional reaction that
we don't have to do what the Europeans want us to do.


Now let's turn to the second issue about databases. This concerns the protection of
intellectual property that falls outside the scope of copyright protection. A 1991 Supreme
Court decision made it clear that some commercially valuable compilations of data could
not be protected by copyright. The same limitation of copyright law has been identified in
Europe, and the Europeans have taken a lead in seeking new protections for databases.


The EU and the World Intellectual Property Organization are considering new
international agreements that would provide a brand-new type of protection for databases.
The beneficiaries would be those information companies that create, compile and sell
databases through computer networks.


So what is the response from American information companies to the European database
initiative? The companies are demanding that we do exactly what the Europeans want. As
soon as this issue was identified, American companies rushed to draft legislation to
implement an international agreement that has not yet been adopted. They demand quick
action. We must act, they argue, because of the Europeans.


Just like the privacy issue, the database issue is a complex one. The proposed database
agreements identify a legitimate issue, but many questions remain. Opponents have just
begun to identify the issues and to present their concerns. The prospect of perpetual
protection for databases now in the public domain is neither simple nor non-controversial.


Strong objections have also been voiced by information users about the way a U.S.
position on databases has been developed. Some perceive that the U.S. policy process has
been too closed. Information companies teamed with a few federal officials to push the
issue, and the community of information users has been largely excluded and their concerns
ignored. It is not my purpose here to get into the details of either issue. In each case,
there is much to mull over. I mostly want to harp on the hypocrisy of some in the American
business community. Parts of the government are equally guilty.


The director of the National Library of Medicine recently criticized the database
proposals because of the prospect of new limits on public-domain data. Fair enough. But
for thirty years, the NLM engaged in anti-competitive, high-priced and blatantly
restrictive practices for its own public-domain databases. NLM has nerve criticizing
anyone for poor information policies.


No one can object when businesses act fairly to protect their own interests. If
companies want to oppose privacy protection and support database protection, they are
entitled to do so. But after years of hearing that we should not allow the Europeans to
dictate American privacy policies, it is more than a little outrageous that the same
industry representatives demand immediate action on databases because of European
pressure.


American information companies should stop using Europe as both a sword and a shield at
the same time. If business representatives want to blow hot and cold, they should do the
honorable thing and first get elected to Congress.


Robert Gellman, former chief counsel to the House Government Operations Subcommittee on
Information, Justice, Transportation and Agriculture, is a Washington privacy and
information policy consultant. His e-mail address is rgellman@cais.com.


inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group