News & Resources

Publications & Media

“U.S. Jurisprudence Hurting U.S.-EU Data Privacy Relations”

Safe and Sound By Andre Fiebig

The trend of U.S. courts to dismiss claims by individuals whose data privacy rights have been violated throws yet another wrench in the efforts to achieve a practical resolution of the U.S.-EU dispute over the transfer of data from Europe to the U.S.

What comes as a surprise for many Europeans is that we here in the U.S. have a sophisticated set of data privacy rules. So theoretically it should be easy to convince the EU data privacy regulator and the Commission that the U.S. legal system offers equivalent protection, and they should therefore allow companies to transfer data from Europe to the United States.

One problem with this approach is the enforcement of the data privacy laws. Earlier this year the European Commission and the U.S. Department of Commerce hammered out an agreement that would give European standing in U.S. courts for violations of the data privacy rights of Europeans. This is also one of the themes being discussed in the efforts to find a resolution to the declaration by the European Court of Justice that the U.S.-EU Safe Harbor Agreement is not binding on the EU member states. The problem is, however, the trend among U.S. courts is diametrically opposed to the objectives of the European Commission to give individuals whose privacy rights have been violated an adequate remedy. The recent decision of the 7th Circuit in Silha v. ACT, Inc. (Nov. 18, 2015) provides a good illustration. The basic claim in that case was that ACT, Inc. collected personal data on students and wrongly transferred those data to third parties without the consent of the data subjects. The court assumed that the defendants had engaged in wrongdoing, but the court dismissed the case because of the lack of injury: “Plaintiffs have not alleged that they lost anything of value as a result of the alleged misconduct.”

This case will not help restore confidence in Europe that the U.S. provides adequate protection of personal data and will make it even more difficult to reach a political resolution of the data privacy dispute which is practical for trans-Atlantic business.