How many industries are there in the US

Data protection in the US: where does it compare to Europe?

The most important information about data protection in the USA in brief

  • In the USA, data protection is different from the EU not generally and comprehensively regulated.
  • Instead there is industry-specific regulations. Much, however, is based on Voluntary commitments on the part of the company.
  • In addition to the low level of protection, the extensive access powers of the US authorities.

Specific information on data protection in the USA

Safe Harbor Privacy Shield

Data protection in Germany and the USA: two different worlds?



In Germany and Europe, data protection in the USA is an issue above all when it comes to the large Internet companies such as Google and Facebook. What do you do with our data, where do you save them and what happens to them then? These are usually the questions the dispute revolves around.

It prevails there a lot of ignoranceabout privacy in America. In some cases it seems to be assumed that data protection does not even exist in the USA. In order to bring a little clarity to the regulations that apply across the Atlantic, the following is intended an overview of the law applicable there and related to the German and European regulations.

How is data protection regulated in the USA?

Unlike in Germany with the Federal Data Protection Act and at European level with the General Data Protection Regulation, there is no general and comprehensive data protection law in the USA. Rather, there are separate laws for individual areas. For example, there are separate regulations for the economy and trade, for the health system and for the financial sector.

Companies are after these industry-specific data protection laws the USA, for example, is obliged to guarantee the security of stored personal data. In addition, they must comply with comprehensive reporting obligations in the event of data leaks - which also has a disciplinary effect in preventive terms.

Basically, however, the principle applies that Companies set their own level of data protection. If they then violate their own promises, this is considered a deceptive or unfair practice, which in turn has consequences under competition law.

The supervisory authority has extensive means to enforce the implementation of these data protection regulations in the USA. In this way, it can carry out required changes in the company long-term review measures not only to force, but also to control. In addition, it can high penalties impose.

Two different approaches: data protection in the EU and the USA

The difference in approach stems from a different point of view. During the protection of personal datais seen as a fundamental right in Europe, data protection in the USA is considered part of consumer protection law, ultimately as a Element of economic life.

In Germany, the census ruling of the Federal Constitutional Court of 1983 is decisive for data protection Basic right to informational self-determination derived from Article 2 paragraph 1 of the Basic Law in conjunction with Article 1 paragraph 1.
This economic view of data protection is also expressed in the fact that the Data protection supervision in the USA by the Federal Trade Commission (FTC) to the Federal Trade Commission, which is responsible for the control of companies under competition law and consumer protection law.

In Germany and the EU, on the other hand, there are independent data protection authorities or officers who for both public and non-public bodies are responsible.

Restriction of data protection by security laws in the USA

Regardless of the individual laws that regulate data protection in the USA to some extent in the various economic sectors, the security of personal data is not guaranteed there to the extent that it would be desirable on the European side. Interventions come primarily from the state.

The basis is in particular the USA PATRIOT Act, a law that was passed after the terrorist attacks of September 11, 2001 and which Massively expand the powers of the security authorities.

So can the authorities Access data without a judicial orderthat are stored on servers in the USA. Since the Snowden revelations, it has also been known that these accesses do not only take place selectively, but that a permanent and broad evaluation of the data is technically possible and practiced.

This brings up the question of data protection in the USA, for example with the Use of American email providers or cloud services, has been raised with all violence for European citizens. Personal data that are transmitted to the USA can be used at the latest since this knowledge are no longer considered safe.

Data exchange and data protection between the USA and the EU

Since the Data Protection Directive of 1995, European data protection law provides that no personal data from the EU may be transferred to unsafe third countries. In terms of data protection, due to the situation mentioned above, the USA is also considered a third country that does not have an adequate level of protection.

In order to enable data to be transmitted nonetheless, special regulations were negotiated under the name Safe Harbor and Privacy Shield are known. These are agreements that are intended to provide American companies with a sufficient level of protection for data so that it can be transferred there Compatible with European data protection law is and can be allowed.

Safe Harbor and Privacy Shield

The Safe Harbor Agreement on corporate data protection in the US worked so that Companies publicly committed to certain data protection principlesissued by the US Department of Commerce. They were then placed on a list kept by the Ministry.

Safe Harbor was declared invalid by the European Court of Justice in 2015 because, in the opinion of the court, it was do not ensure adequate data protection. In order to continue to have legal security when exchanging data, a successor agreement called the Privacy Shield was negotiated, which contains some tightening, but according to critics not the Lack of data protection in the USA can fix.

especially the extensive powers, which are assigned to the US security authorities by the American legal situation, make it seem less expedient to have adequate data protection in the USA Corporate commitments to reach.

Privacy advocates therefore recommend to be on the safe side to use European alternatives. Companies in particular would otherwise have to fear possible sanctions under the General Data Protection Regulation (GDPR) for violating European data protection law.

(57 Ratings, average: 4,14 of 5)
Data protection in the US: where does it compare to Europe?
4.14557Loading ...

You might also be interested in: