Paul M. Schwartz & Daniel Solove

Reconciling Personal Information in the United States and European Union

U.S. and EU privacy law diverge greatly. At the foundational level, they differ in their underlying philosophy: In the United States, privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions. In the European Union, privacy is hailed as a fundamental right that can trump other interests.Even at the threshold level-determining what information is covered by the regulation-the United States and European Union differ significantly. The existence of personal information- commonly referred to as “personally identifiable information” (PII)-triggers the application of privacy law. The U.S. and the European Union define this essential term of privacy law quite differently. The U.S. approach involves multiple and inconsistent definitions of PII that are often particularly narrow. The EU approach defines PII to encompass all information identifiable to a person, a definition that can be quite broad and vague. This divergence is so basic that it threatens the stability of existing policy mechanisms for permitting international data flows.

In this Essay, we propose a way to bridge these differences regarding PII. We contend that a tiered approach to the concept of PII (which we call “PII 2.0”) represents a superior way of defining PII compared to the current approaches in the United States and European Union. We also argue that PII 2.0 is consistent with the different underlying philosophies of the U.S. and EU privacy law regimes. Under PII 2.0, all of the Fair Information Practices (FIPs) should apply when data refers to an identified person or when there is a significant risk of the data being identified. Only some of the FIPs should apply when data is merely identifiable, and no FIPs should apply when there is a minimal risk that the data is identifiable. We demonstrate how PII 2.0 furthers the goals of both U.S. and EU privacy law and how PII 2.0 is consistent with their different underlying philosophies. PII 2.0 thus advances the process of bridging the current gap between U.S. and EU privacy law.

If Justice Kennedy’s nuanced and integrative approach is to endure, additional work is needed to provide a methodology that is detailed, coherent, and replicable. This Comment presents a conceptual framework that courts could use to engage in the type of weighing called for inWindsor while avoiding the decision’s vulnerabilities. Through the use of an approach in philosophy and normative economics called “deontologically constrained cost- benefit analysis,” the proposed framework balances the various utilitarian and deontological considerations in the same-sex marriage debate with greater clarity. Further, as applied to state bans on same-sex marriage, the proposed framework demonstrates why such bans ought to be declared unconstitutional: the purported costs of same-sex marriage, even when viewed in a light most favorable to opponents of same-sex marriage, are insufficient to override the relative strength of the due process and equal protection interests of gay and lesbian individuals.