In most of the European Union, even public figures have a right to privacy. Article 8 of the European Convention on Human Rights gives all EU citizens the right to respect for one’s private life. This gives the majority of Europeans privacy rights that are envied around the world, even if Privacy International suggested in 2010 that the privacy situation in Europe is “mixed.”
In the US, there is no explicit right to privacy. While courts have ruled that “penumbras” that implicitly protect citizen’s rights to family lives and correspondence, Americans give up most of their privacy when they go to work.
Here’s a look at how the digital privacy laws of the world’s two largest democracies compare.
In the EU even your personal correspondence on your work computer is protected. Thanks to Data Protection Directive employers not only have to notify employees if any private data is being monitored, they also have to prove there is a good reason to do so.
As Melissa Ngo, the publisher of Privacy Lives, points out, in the United States, “Employees have few privacy rights in the workplace.” In most cases, employers can even read personal email sent on a work computer, even if the mail is not stored on work servers.
It is even against the law for companies to Google a job applicant in Finland. Germany is considering a law that would make it illegal to look up an applicant on Facebook . In general, public information may be viewed. But companies must explicitly state what information they keep and how they use it in accordance with the Data Protection Directive.
Nearly 90% of American companies use LinkedIn for recruitment. A recent decision by the Federal Trade Commission indicates that the last seven years of your social media activity may be fair game in a background check. Americans should expect that any public post that includes their name may be accessed by a potential employer.
When the Chaos Computer Club (CCC) identified a software backdoor, which they claimed was being used by the German government, many assumed this was in violation of the German constitution. In fact, the German Federal Constitutional Court declared in 2008 that the “integrity in information-technology systems” is a “fundamental right”. However, German courts have approved over 50 requests by law enforcement to use spyware. So in Germany, at least, spyware is being used by law enforcement, with courts supervising the activity.
Government documents indicate that the US government is using spyware to track persons of interest, sometimes without a warrant. Potential government surveillance seems to be an accepted fact of American life as the PATRIOT Act is continually renewed.
(Note: F-Secure joined several anti-virus makers in blocking the German federal malware, though no F-Secure customers had been infected by the backdoor. F-Secure Labs has never been asked to ignore a government backdoor, and would never do so.)
Right to Be Forgotten
The European Union has stated that its citizens should have the right to be forgotten online. This means that “individuals should have the right to have their data fully removed when it is no longer needed for the purposes for which it was collected.” Europe v. Facebook has been advocating that European Facebook users petition the world’s largest social network for a copy of their data. European law gives all citizens the “right to access” such data but the site says Facebook has been ignoring this.
US citizens currently have no “right to be forgotten” though the Privacy Act of 1974 requires that all companies disclose how customer data will be used. Senators John Kerry and John McCain have proposed the “Commercial Privacy Bill of Rights Act of 2011” which includes a reasonably scoped “Right To Be Forgotten”. That bill is currently in committee.
In April, Google decided to end Street View in Germany. The decision came after a protracted battle with German citizens who saw this initiative to create a digital image record of the country’s public streets as an invasion of their privacy.
Google met no such widespread opposition to Street View in the United States where many realtors and real estate sites depend on Street View to maximize a property’s exposure to potential buyers. Are home owners in Germany sacrificing a powerful tool in favor of privacy? Is this a choice that Americans would be willing to make?
Let us know if your privacy sensibilities are closer to the European or American point-of-view in the comments.
You rarely have to go looking for cyber security news anymore. Whether it's WannaCry, NotPetya…
August 9, 2017