A court case in Europe has strengthened the right to online privacy, and those rules will apply to companies doing business in the European Union. Arizona State University professor Adriana Sanford of the W.P. Carey School of Business will discuss how EU data protection will affect U.S. companies and consumers.
Ted Simons: A recent court case in Europe strengthened the right to online privacy, a move that puts freedom of speech concerns in the U.S. against what Europe sees as the right to be forgotten. Adriana Sanford is with ASU's W.P. Carey School of Business and she joins us now to talk about, first of all thank you for joining us, what exactly did the EU rule on regarding the right to privacy?
Adriana Sanford: Well, first of all in the EU we have--they believe in the basic human right to privacy. We don't have that here in this country and as a result of that and as a result of this known revelations, they are now coming up with an EU regulation and within that regulation, it's going to be very different--it's going to be binding and it's going to have an extra territorial effect. Part of it is the right to be forgotten which basically says if you are an individual and there's no necessity, no reason behind it after certain amount of time, you're data or your information that's on the internet can be taken away and it can be erased. The question is, can it be erased? And if it can't be erased, they have to find a way of blocking it or not having it so that it doesn't contain to affect you.
Ted Simons: Yeah, that sounds almost impossible to achieve. I mean once it's on the internet, it seems like it never dies.
Adriana Sanford: That's a concern that some of the companies have and there are many others with this new regulation that's coming out. Another concern is this new 24-hour notice for our hack-attacks for these breaches and these are concerns that the companies have and we think that within the next few months, they are going to iron them out. The regulation has gone through the EU commission, it's gone through the parliament, it's now at the stage with the council-with the European council and we have companies that are lobbying and we have, you know, the different governments from the different countries that are lobbying and basically tweaking.
Ted Simons: I was going to say Microsoft and Google and Yahoo. It seems to me though, they got to be on board or there's nothing to get on board, is there?
Adriana Sanford: Well right now, one of the hot issues is what's going on with Microsoft because the U.S. government gave a search warrant for certain information in the cloud and those e-mails were actually in Dublin in Ireland and this is one of the hot topics right now, is whether or not Microsoft actually has to turn that over and the U.S. government has said yes and Microsoft is concerned because here we have a conflict of loss because under EU directive right now they would have to first go to the EU and let them know and,you know, this is a problem of conflict of loss.
Ted Simons: And really, it sounds like Google again, from what I read, their basis is, okay we'll change our euro version or we'll change that but the mother ship back here, we're not going to change any of that. They have to change the mother ship or else it's, again, it doesn't go away. This-- all this stuff that you want removed, it may be removed in Europe but in Peoria there it is.
Adriana Sanford: Well, and let's back up for a minute. If we take a look at what this EU regulation is doing, it's going to be very different from the directive that's in place right now. The directive that's in place is nonbinding so it's a patchwork over there and depending on which countries you're working with, they have adopted different variations of the EU data protection directive. And what's going to happen now is it will reach U.S. businesses even if you don't have operations over there. If you for any reason are working either monitoring the EU citizens or you are on the Internet and you're selling your goods or services or maybe you have an employee. You have employees from the EU, it will touch you. So, its effects, its extra-territorial reaches a lot larger and any U.S. business is dealing with the EU in any one of these areas is going to have to comply. For example, with the notification, the 24-hour notification for breaches, the second an EU citizen is notified. Well, we know from the grounds well, through social media, through the news, we're going to find out about it over here and so it's going to help our citizens here, our consumers know about these hacks much sooner than it is happening right now.
Ted Simons: So, realistically in the real-world, the real online cyber world here, can you have a region, a Europe, a China, perhaps in the future, whatever. Say, I do not want personal opinion out there that the government says we are going to block. Can that realistically happen if other parts of the world say the U.S. aren't participating?
Adriana Sanford: It's a hot topic; we don't know what's going to happen. But, what I can tell you is that once that EU regulation comes out, it is going to be adopted by other regions, by other countries as well. There are so many people right now, so many governments that are waiting for this to come out because the EU has been on the forefront of a lot of this. In 1995, the EU data protection directive--when the internet came out that was the first one out there. With regards to gate-keepers, the gatekeepers' initiative came from there. They know your customer came from the EU. So everybody is waiting, everybody is very concerned right now with these hacks, with privacies. Privacy is huge so these other countries and these other regions of the world, some in Latin American, some in Africa are waiting for this. So, we are going to see a huge change and maybe that will affect our government here and we will start to see changes, maybe a reform here as well.
Ted Simons: So that seems to be what's next in all of this. When are we going to see what's next in all of this?
Adriana Sanford: Well in 2013 we noticed that a lot of our states started passing their own laws to help consumers with regards to the breaches, with regards to privacy. So, the United States we have a patchwork right now which makes it hard and is actually not cost-effective, it's a burden. A bureaucratic burden for these companies so maybe we'll see a change there. Maybe we'll see a national legislation; it will be nice to have comprehensive legislation in this area.
Ted Simons: Yea, well, it's fascinating, complex. It is a brave new world out there. Thank you so much.
 
Adriana Sanford:Professor, W.P. Carey School of Business at Arizona State University;
