At a global level, there are two major models of personal data protection that contain well- differentiated characteristics and particularities: on the one hand we find the Anglo-Saxon archetype and, on the other hand, the characteristic model of continental Europe.
Both legal regimes are based on different conceptions as to what is understood by personal data, one of them protecting the expectation of the subject who owns the data, while the other focuses its attention on that information that allows it to be associated in actual or potential form to a natural person.
In this article, it is intended to highlight the most important characteristics and differences of both models, comparing the object of protection -privacy or personal data itself-, its regulatory framework, its enforcement, among other issues.
1) Legal Framework.
While the European Union has centralized the regulatory framework of protection in a General Regulation -the GDPR-, the United States has chosen for a more sectorized and dispersed model, which protects privacy depending on the area where a certain subject operates –consumer relationships, insurance, medical/clinical field, among others-, which are combined with federal and state laws that provide protection to the private sphere of a person.
2) Object of protection.
While the US regulations have a tendency to treat the data from the point of view of a commercial asset, from which the owner must demonstrate an “expectation of privacy” -with objective and subjective edges- to obtain legal protection to its scope of privacy, the GDPR treats any type of data associated with a natural person that determines to identify it in a real or potential way, as an object of protection, putting the protection of the subject in the upfront before commercial interests.
Regarding the interests of the citizens of each of the territories that have polarized the legal framework of privacy and the protection of personal data in the world, while in Europe the interest of the individual subject is prioritized, where all data that is associated with it and that allows it to be identified in whatever field – digital, clinical, documentary, etc. – is worthy of protection; In the United States, citizens in some ways allow the interference of different actors in their digital, family, credit environment, in pursuit of their interests or benefits -for example: accessing credit, buying a house, a better medical insurance, among others-.
4) Protection time.
The differences between European and American regulations also focus on the protection of time and the mechanisms they generate to make their rules enforceable when an event or situation occurs that violates someone’s privacy and personal data. The GDPR focuses its attention on the mechanisms aimed at preventing acts that attempt against the owner of the data, while in the United States, compensation is a posteriori and is resolved in the judicial sphere.
5) Collection and processing data.
While the European Regulation applies to the collection and processing of data, principles such as the limitation of the purpose, legality and minimization, that is to say that the data must be collected and treated with a lawful purpose in mind, collecting those that are necessary without exceeding and that, once the task is fulfilled, they must be destroyed and / or discarded; The diverse American regulations focus the collection and processing of personal data from an extra-personal point of view, focusing on aspects such as commerce, economy, surveillance, market, among others.
In order to understand a little more about these antagonistic legal regimes and the differences proposed above, there are those who face the study of their bases, from a more ideological point of view and the role that the State plays in the protection of human rights, privacy and personal data of individuals. That is, while in Europe, a more paternalistic protection is inferred from the States Members, where the premise is the safeguarding of the citizens and their information; the United States prioritizes the role of the market and the need to tend to the convenience of the different actors that comprise it, where the State only interferes when a violation of the data and privacy of a subject is perpetrated, with a more repressive and for the particular cases.
As it can be seen in these few lines, it is possible to understand, even fully and broadly, where each of these territories focus their attention and the role that the States occupy in the normative regulation of that portion of reality. Each law brings with it a myriad of concepts, precepts, and rules that must be complied with under the protection of each legal conglomerate.
If you require any type of advice on Data Protection and Privacy, at Moeller IP Advisors we have an extensive network of professionals worldwide to satisfy your interests.