Skip to Content

Privacy & Data

CDT Comments on EU Data Protection Directive

While the United States has procrastinated on piecing together a comprehensive privacy protection law, the European Union has had a privacy regime in place since 1995. The governing document for this regime is the Data Protection Directive, which has been incorporated into the laws of the EU member state in slightly different forms. In the absence of any comparable US privacy framework, the principles established by the Data Protection Directive have become the most influential privacy framework in the world.

But although it is comprehensive in many ways, the Data Protection Directive has significant weaknesses. Erratic enforcement and uneven implementation have left consumers and industry confused as to how the Directive’s principles apply to emerging practices. To address these weaknesses and provoke conversation about whether new types of privacy-related rights may be appropriate 15 years after the Directive’s creation, the European Commission recently held a consultation on the Directive.

In 2009, CDT submitted comments in response to a preliminary consultation on the future of the Data Protection Directive. Last week, CDT submitted more detailed comments in response to this most recent consultation by the European Commission. CDT's comments include suggestions for strengthening the core principles of the Data Protection Directive and for more rigorously implementing and enforcing those principles across the European Union. For example, CDT recommended that the EU consider a coregulatory model for enforcement of the Directive, but emphasized that such an approach must be made on an EU-wide basis and not vary among the member states. The comments also emphasized the intersection of the Data Protection Directive with other fundamental interests such as innovation and free speech. For example, CDT discussed the complexities of creating and enforcing a “right to be forgotten” with respect to user-generated content and the real risks to freedom of expression that such a right would create.

CDT looks forward to participating further in discussions about how to improve privacy frameworks in the EU and in the US. As both regions reconsider their approaches to privacy policy we are confident they will arrive at results that both protect consumer privacy and encourage innovation.