Publication Type: Conference Paper/Unpublished Manuscript
Review Method: Peer Reviewed
Abstract: ISA 2004 Paper Proposal: Privacy, Security, and Hegemony in Cyberspace: The Transatlantic Public-Private Debate over the USA Patriot Act Maria Green Cowles In the aftermath of September 11th, the United States Congress passed the USA Patriot Act, thus providing the government with broad new powers of surveillance, especially regarding the internet. The Patriot Act raises a number of red flags for privacy advocates who argue that it challenges the civil liberties of ordinary Americans, and in particular, their right to privacy in on-line communications and activities. Yet, while American scholars and practitioners focus on the Patriot Act's impact on U.S. citizens, very little attention has been paid to its influence on the privacy rights of individuals elsewhere in the world. Perhaps nowhere is the Patriot Act's import more apparent than in the European Union (EU). The EU's 1995 Data Privacy Directive is among the strictest privacy acts worldwide through its limits on the electronic data that can be collected and stored on European citizens. Due to the internet's trans-sovereign nature, the EU Data Privacy Directive has an extra-territorial impact on American companies who traditionally gather data on customers for marketing and operational purposes. American airline companies with transatlantic routes, for example, were forced to alter their data collection practices -- or face stiff legal action -- as they infringed on the data privacy rights of European passengers. By the 1990s, a major row emerged between the United States and European Union over the EU's Data Privacy Directive and its impact on American internet and e-commerce operations. A resolution was reached when the EU and the U.S. Department of Commerce agreed to the Safe Harbor Provisions for companies operating in the transatlantic marketplace. Since the passage of the Patriot Act, the EU Data Privacy Directive -- and thus, European citizens' privacy rights -- have been pushed aside. Transatlantic intergovernmental cooperation in the war against terrorism has resulted in new surveillance measures on European citizens, and new data collection and sharing requirements placed on European companies. The situation is confusing because unlike the Patriot Act in the United States, there has been no formal change to the EU Data Privacy Directive since September 11th. Thus, private actors find themselves caught between the existing data privacy requirements and the new security demands. The proposed ISA paper will thus examine the influence of the Patriot Act on EU data privacy and the rights of European citizens. The paper will analyze why the European Union and its member states have altered, albeit unofficially, their strict privacy requirements; how the US government was and is able to influence this development; and why European companies and privacy advocates have had limited success in challenging the Patriot Act's impact. In doing so, the paper addresses the conference theme – Hegemony and its discontents – by analyzing how September 11th alters the relationship of politics vs. economics, public vs. private governance, and security vs. privacy on an international scale.