I wrote this article (in French) for Globaliznow. It appeared on May 31, 2015
The Paradox of Privacy in the United States
A new study from the PEW Research Center reveals that Americans feel a certain digital insecurity. The NSA scandal, and the recent, just as spectacular cyber attacks have opened their eyes about the protection of personal information.
Working in the United States is almost like paradise for any marketing professional from France. There are few restrictions on the use of personal information, new technologies are very well established, and the first amendment guarantees freedom of expression and of the press. It is more broadly interpreted than in Europe, and the Americans don’t fuss about it too much.
While it is normal to see a suspect’s name and picture in the newspapers, Americans are however, much more sensitive to having their internet activities tracked. The phenomenon is even more surprising as they unwaveringly allow their email addresses or phone numbers to be used for promotional purposes.
New Data From the PEW Research Center
In May, the Pew Research Center published the results of a survey called “Americans’ Attitudes About Privacy, Security and Surveillance”. In this study, 93% said that they felt it was important to control who has access to information about them, and 90% reported that the kind of information collected was also important.
Expedia: A Prime Example
The daily routine reveals a completely different story. For the purposes of this article, I had fun performing a search on Expedia. I left my browser in “public” mode and searched for a return trip from Washington to Paris in July for 2 people. The best deal for a direct flight was $1,521.
I then modified my departure city and received a notification encouraging me to save my search, so I could be informed of any fare changes. Because I book all of my domestic flights on Expedia, my searches have always been automatically saved on the “scratchpad” without asking my permission. This time, I denied Expedia the right to save my search. Interestingly, it went ahead and saved it anyway.
What Right to Information?
88% of Americans say that it’s important to not be monitored without their consent. But only 34% consider public anonymity as very important. The right to information is a cornerstone of American society, and the first amendment establishes the freedom of expression and of the press. It originated as a reaction to Britain’s strong control over information circulating in their American colony. Today, this amendment enables anyone, regardless of social, political or religious status, to express and publish anything he or she wants.
There is no federal legislation in the United States regulating the issue of privacy; it isn’t a constitutional right, nor is the way personal information is handled. Only a few sectors like healthcare and banking, for example, have their own legislation governing it.
The Public Knows Little About the Safe Harbor Agreement
An agreement, known as the Safe Harbor Agreement, was nevertheless struck between the US Department of Commerce and the European Commission. American companies bound by this agreement must comply with the same requirements as their European counterparts when handling personal information collected in Europe and transferred to the United States. The agreement covers, among other things, consent, the right to access and modify information, the retention period, and the limits of how information can be used for the purpose(s) agreed by the user.
I consulted the list of companies that have adopted Safe Harbor and found Expedia Inc. Expedia did indeed ask my permission to save my search, but ignored my answer. All of my subsequent attempts to find a cheaper flight failed, as Expedia was still using the “Washington DC to Paris” information from my scratchpad. After completely shutting down my browser, I reopened it and put myself in “private” mode. My “scratchpad” thus disappeared. The same flight on the same dates was now priced at $1,311, a savings of $200!
Snowden, the Reason for a New Digital Insecurity?
In its article about information privacy, Pew Research Center said: Americans have little trust in the confidentiality of their information. Since Edward Snowden’s June 2013 revelation of NSA activities, Americans have witnessed many deficiencies in the way large US companies protect personal information. All of this has helped create a feeling of digital insecurity. As such, 76% of Americans have little or no trust in web advertisers when it comes to protecting their information, 69% for information communicated on social networking sites, and 66% on the search engines.
Americans are used to to finding personal information online, such as addresses, marital statuses, house purchase prices, criminal records, etc. The NSA scandal and repeated cyber attacks on well-known companies have certainly opened their eyes, but little change is to be expected in either legislation or their behavior.
How France Compares
In contrast to the United States, the protection of personal information is well-managed in France from a legal standpoint.
Directive 95/46/CE is the benchmark law on personal information protection. The 1978 Data Protection Act was modified in 2004 and supplemented by several decrees. They anticipated certain aspects of a European project which provided for harmonization of national legislations.
The first requirement for a business with a website: the legal notices must contain the company’s name and head office address, as well as the name of the person responsible for the site and that of the person responsible for handling information collected through the website.
When a company wants to collect information from its website users to create a “customer file” in particular, there are several obligations:
– The website user must expressly accept that the information provided might be used for promotional purposes
– It must report a file or request authorization from the Commission Nationale de l’Informatique et Liberté (National Commission on Informatics and Freedoms)
– The duration for which the company is authorized to keep the information depends on the purpose for which this information was collected. The authorization must therefore be renewed periodically or another authorization must be solicited.
– People whose information has been collected have the right to access it, and the right to update or change the information they have provided.
– When the intended use of the collected information changes, the person whose data was collected must renew his/her consent to the new use of his/her information.
Does France better protect information than the United States? That’s debatable…
Photo credit: © Gustavofrazao