海角大神

A majority of Passcode Influencers said that Europeans should be allowed to sue in US courts if their personal data is听misused.

A new data-sharing agreement is currently听in the works听between the US and European Union, after the European Court of Justice struck down a the 15-year-old Safe Harbor agreement allowing companies to transfer data across the Atlantic.

European policymakers and privacy advocates are arguing for stronger protections for Europeans鈥� personal data, such as Web searches, as it鈥檚 transferred to the US 鈥� and some want Europeans to have the right to sue in US courts for privacy breaches.

There is already movement in that direction. Earlier this year, Brussels and Washington agreed Europeans could sue if their personal data transferred to US agencies for law enforcement purposes is misused. But it鈥檚 up to Congress to allow it to happen.听As a bill听makes its way to the Senate, 76 percent of Passcode Influencers say that Europeans should have that right to sue in US听courts.

鈥淲ithout access to US courts and real remedies, the privacy rights are more promise than protection,鈥� said Jenny Durkan, chair of the Cyber Law and Privacy Group at Quinn Emanuel law听firm.

Passcode鈥檚 Influencers Poll is a regular survey of more than 120 experts (listed below) in digital security and privacy, from across government and the private sector. To preserve the candor of their responses, Influencers have the option to comment on the record or anonymously.听

For some Influencers, the whether or not Europeans should be allowed to sue came down to human rights. 鈥淎t heart of the question is whether privacy is a human right,鈥� an Influencer who preferred to remain anonymous said. 鈥淚f yes, [give them] the right to sue. If no, we should have fundamental questions about interpretation of the Constitution.鈥�

It鈥檚 also a matter of fairness, some said. 鈥淚f data is indeed being misused, there should be a remedy. What the question doesn鈥檛 ask is what should count as misuse. But there鈥檚 no reason to offer differing protections here based on the citizenship of the person whose data a company is handling,鈥� said Jonathan Zittrain, a Harvard law professor. 鈥淎nd protection irrespective of country of origin is not only the right thing to do. 听It also gives US companies an important competitive advantage.鈥澨�

Making a decision about whether to give Europeans legal rights is just the tip of the iceberg, 听said Sascha Meinrath of tech policy think tank X-Lab. The bigger issue, Mr. Meinrath said, is whether courts can provide sufficient remedies for data听abuses.

鈥淪o long as international agreements signed by the US impact European Union residents, they should have full access to avail themselves to the US legal system,鈥� he said. 鈥淪adly, what they are likely to find is that the US court system has proven woefully ill-equipped to handle surveillance and data collection malfeasance.鈥�

A 26 percent minority of Passcode Influencers said Europeans should not be given the right to sue in US courts. 鈥淭his would require ratification of law that allows US companies to be strictly responsible for every privacy law whim of every other country,鈥� said an Influencer who prefers to remain anonymous.

The Influencer instead argued that other approaches would be more effective to achieve the same end: Privacy protection? 鈥淎 better approach would be a single Internet wide ratified legal framework rather than the patchwork of country and state privacy laws that are a huge burden on businesses.鈥�

Allowing Europeans to sue, another Influencer who preferred to remain anonymous said, is a debate for another听time.

鈥淟et鈥檚 get the more basic extraterritorial stuff right first, and then work on this one,鈥� the Influencer听said.

What do you think?听VOTE in the readers鈥� version听of the Passcode Influencers Poll.

For a full list of Passcode Influencers, check out our interactive masthead.

Comments:

YES:

鈥淓uropeans should have the same right to sue as Americans under the Privacy Act.鈥� -听Peter Swire, Georgia Tech Scheller College of Business

鈥淭he legal right follows from the commercial use. Simple solution is to minimize the collection of personal data. This would have many benefits - including the risks of data breach, identity theft, and financial fraud. But the innovative solutions will not emerge unless there is liability for the misuse of data.鈥� -听Marc Rotenberg, Electronic Privacy Information Center

鈥淵es, if (i) subject to the same exemptions that already protect the appropriate law enforcement and intelligence-gathering activities of the U.S. government from improper disclosure, and (ii) part of an umbrella agreement with the EU that facilitates the flow of transatlantic data and that ensures US persons have similar remedies vis-a-vis European governments.鈥� -听Bobby Chesney, University of Texas School of Law听

鈥淲ith Congress choosing not to act on data privacy, it鈥檚 up to the courts (and the FTC) to create case law-based guidance. Lawsuits should be an option for anyone wronged by the misuse or failure to reasonably protect personal data.鈥� -听Chris Finan, Manifold Security

鈥淭his is a practical matter. If Europeans don鈥檛 have rights to sue here, then they鈥檒l just force US companies operating there to give them the rights to sue there. This makes sorting out jurisdiction harder, as well as further fueling the fight over safe harbor, use of personal data, misuse by the US government and so on.鈥� -听Jon Callas, Silent Circle

鈥淐learly a complex issue, but Europeans should have protections over their data within US borders. The more important questions becomes: Which laws apply? Should Europeans be able to seek protections under European law, or American law?鈥� -听Influencer
鈥淭hey may well have the right to sue; the much harder question is whether they should win or if they do, what the remedies should be. In my view even if the answer to the first question is 鈥測es,鈥� the question to the latter two are far less certain to produce a positive outcome for Europeans.鈥� -Influencer

鈥淓uropean law offers more default protection to citizens and more clarity on data ownership than the US. Since US law does not so clearly define these matters, the only recourse to Europeans traveling or doing business with US company is the right to sue for avoidable misuse.鈥� -听Nick Selby, StreetCred Software听

鈥淪ure. If they can show US law was somehow transgressed.鈥� -听Influencer

鈥淵es, but Europeans should not expect that they will have broader access to information about the intelligence activities of the US government than Americans do 鈥� or than they have at home with their own governments.鈥� -Influencer

鈥淵es, with the caveat that there is an international standard for 鈥榤isuse.鈥欌�� -Influencer

鈥淔or clarity, the right to sue in US courts assumes a number of facts, including whether the defendant is within the jurisdiction of US courts and violated a US law.鈥� -听Influencer

鈥淎t heart of the question is whether privacy is a human right. If yes, the right to sue. If no... we should have fundamental questions about interpretation of the Constitution.鈥� -听Influencer

NO:

鈥淣o. 听And 鈥榥o鈥� for all forms of cross-border arbitrage of statutory law.鈥� -听Dan Geer, In-Q-Tel

鈥淣o, no more than US citizens should have the right to sue in European courts, when the French, German or any of numerous other national intelligence services use and/or abuse data about US citizens.鈥� -听Influencer

鈥淭his would require ratification of law that allows US companies to be strictly responsible for every privacy law whim of every other country. A better approach would be a single Internet wide ratified legal framework rather than the patchwork of country and state privacy laws that are a huge burden on businesses.鈥� -听Influencer

鈥淟et鈥檚 get the more basic extra-territorial stuff right first, and then work on this one.鈥� -听Influencer听

What do you think?听VOTE in the readers鈥� version听of the Passcode Influencers Poll.