Why is privacy a subject felt more in Europe rather than the US?
Almost regularly there is news on this or that US (internet) company that must adapt its practices for European customers, since they tend to be too lax with regards to privacy protection according to EU regulations; while from the US perspective there is no problem.
Why is this generally the case? Why do US citizens and companies tend to be less concerned about privacy with regards to their European counterparts? Is it due to some historical event? Or it simply "is" and there is no major drive to change the status quo?
In Europe, companies have to report exhaustively all the data you store. The problem (for example from Facebook) they do not report all the data they collect, specifically.
That title has got to go. Your question is : why are the privacy policies of European ISPs stricter than the ones in the US.
@Federico Interesting article. An alternative way to interpret what you see: a huge segment (I daresay majority) of Americans look at regulation, in general, in a negative light. Regulation translates to *restriction* and while most of us are not entrepreneurs, there is this visceral idea of the self-started American (the so called "American dream") and corporate regulation is often portrayed by industry and politicians as limiting that ideal. In many ways I see a lack of privacy laws being connected with that distrust of restriction. So it's as if we share values but have evolved differently.
@DanK that sounds like a decent answer. Why don't you write one by expanding a bit you comment? but please note that I explicitely single out *citizens and companies*
It's not really a matter of privacy itself being taken more seriously in Europe. It's more a matter of a differing view in the proper role of government. In the U.S., at least traditionally, the proper role of the government has been seen to be more limited than in Europe. While this is perhaps somewhat less true today than 200 years ago, it has still been true to a large degree for the entire existence of the U.S. This includes less government limitations on what contracts private parties (whether individuals, private organizations, or businesses) are allowed to enter into with each other.
Since government limitations on what data Internet companies can store on users (with the permission of the user) is inherently a limitation on what contracts private entities may enter into with each other, the U.S. has been more reluctant than Europe to create such limitations, just as it is with other limitations on private contracts (or private actions in general.)
When it comes to privacy protection from the government, the situation is different. For example, even in a criminal case where all of the standards for a search warrant are met, you cannot be legally compelled to supply a password or encryption key in the U.S., while in Europe you can be so compelled. In the U.S., this is considered a violation of the 5th Amendment, which, among other things, says that you can't be forced to be a witness against yourself. (Edit: As Dan pointed out in the comments, apparently a circuit split now exists with regard to this in the U.S., so the issue will likely end up being addressed by the Supreme Court.)
In addition to the protections granted in the 5th Amendment, the 4th Amendment to the U.S. Constitution states that:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
In general, this bans the government from searching or seizing without your consent any of your property or communications (or yourself) without a warrant showing that you've probably committed or are about to commit a specific crime and specifically describing what can be searched or seized (and this is interpreted by courts to only extend to things which could reasonably by construed to be likely to provide evidence of that specific crime.)
UK is not exactly illustrative of how continental Europeans view privacy protection though. On many grounds they're worse than their US cousins when it comes to attitudes towards it (their large scale video surveillance and massive data banks would be unthinkable in most if not all countries on the other side of the Channel), and they'd likely enjoy less protection were it not for EU laws. If anything I'd wage that privacy conscious citizens will deeply regret the EU-related protections post-Brexit.
@DenisdeBernardy I guess you wanted to say "miss" rather than "regret" in that last sentence :P
@DenisdeBernardy Yeah, I was comparing mostly to EU-wide regulations, since that's what the question asked about. Of course, different countries within the EU may have more strict regulations and those vary from one country to another (and the same is true for U.S. states.)
The situation in the US WRT unlocking password protected devices is still in flux because of conflicting decisions at the state and lesser court levels. While some have ruled that the demand's an infrigment of the right against self-testimony others disagree. Until Congress passes a law at the federal level, or a case works its way to the supreme court this isn't likely to change. https://arstechnica.com/tech-policy/2017/08/man-in-jail-2-years-for-refusing-to-decrypt-drives-will-he-ever-get-out/
@DanNeely Interesting. I didn't realize that there was a circuit split there. At any rate, it appears that that particular case is being appealed to the Supreme Court. With a circuit split already in place, it seems likely that the Supreme Court will take the case (or a similar one, if there's another.) Back in 2012, the 11th Circuit ruled that it was a violation.
@reirab there is an EU person data protection directive, which is mandatory starting next May for all member states and which equalises the fines for breaking the privacy law to be 4% of the turnover of the whole *group* of the companies by the way. Down here everyone is on their toes to change the software and operating procedures in next 6 months.
@DanNeely I edited the answer to mention the circuit split. I don't think there's anything Congress could do to make this legal in the area covered by the 11th Circuit, since it was ruled to be a violation of the 5th Amendment. The only ways to overturn that would be to amend the Constitution itself (very, very unlikely) or for the Supreme Court to overturn it.
@reirab wouldn't that depend which way they tried to resolve it. Congress saying "you can demand passwords" would still conflict with the 11th Circuit ruling the demand unconstitutional. But if Congress were to pass a law making the demand illegal wouldn't that end the dispute. (At least temporarily, if the law was subsequently repealed the question of constitutionality would again become a problem.)
@DanNeely Yes, Congress could make it explicitly illegal, but they can't make it legal.
For what it's worth I think the 5th amendment protection of passwords is a historical accident that will be corrected later. Many people don't know this, but that was not the point of the 5th amendment. Its goal was to prevent a situation where you're tortured into giving a false testimony as evidence against yourself. Otherwise, it's pretty well-established that the governments need to be able to access material evidence against you or your loved ones, regardless of whether you like it or not.
@Mehrdad A lot of it will come down to how the Supreme Court rules. They could overturn it, but I think the current Supreme Court is unlikely to do so (maybe they will prove me wrong.) If the Supreme Court does not overturn it, I think it has little to no chance of being changed. Constitutional Amendments that _remove_ rights just don't happen in the U.S. There has been exactly one in the entire history of the U.S. and it's the only Amendment to have been repealed.
@reirab: Yes, that's exactly what I meant -- that a Supreme Court ruling in the future will likely overturn it, since it misses the point of the 5th amendment. I wasn't referring to passing new amendments at all.
I think it's a mistake to view it as contrary-to/missing the point of the 5th amendment. Both in terms of the way users feel about it, and the actual mathematical reality, encrypted data storage is akin to an extension of one's personal (in-brain) memory, not a "locked box of papers".