G. Building the bridge: Spaces and step
The examples from case law again emphasize the fundamental discrepancy
between privacy in Europe and in the United States. However, a cautious ﬁrst
rapprochement can be observed. As established above, an essential diﬀerence
is the extent of regulation in data protection. Although data protection is less
regulated in the United States than in Europe so far, American consumers
would prefer a stronger regulation according to surveys.
It remains to be
seen whether the legislator will react and take concrete steps. At the same
time it is recognized in Europe that sophisticated data protection regulation
can only be useful if eﬀectively enforced in practice. In consequence there are
eﬀorts to introduce more mechanisms of self-regulation in Europe. For exam-
ple the § 9a of the German Bundesdatenschutzgesetz codiﬁes the so-called
“Datenschutz-Audit”. According to this norm providers of data processing
systems and programs as well as data processing bodies can have their data
protection concept and their technical facilities audited by impartial and
accredited experts, have them evaluated and publish the results. According to
§ 38a of the German Bundesdatenschutzgesetz, professional and other associa-
tions can submit drafts for rules of conduct assisting the realization of data
protection to the competent supervisory authority. The authority then tests the
drafts for the compliance with the applicable data protection law. In this
manner, companies are supposed to submit themselves to voluntary self-con-
trol by using so called “Codes of Conduct”. Both mechanisms entered the
German Bundesdatenschutzgesetz as a result of the European Data Protection
Directive. In the light of this evolution, the rigid confrontation of the European
density of regulations and the American concept of self-regulation does not
seem so apodictic anymore.
What is more, the European Union and the US are well aware of the
diﬀerences in data protection and try to minimize them by negotiations and
international treaties, for example the above-mentioned Safe Harbor Agree-
In this manner at least selective solutions of the general data protection
conﬂict are found frequently. In ﬁghting cybercrime a consensus was reached in
so far as the Cybercrime Convention, elaborated by the European Council in
international cooperation, was also signed by Canada, Japan, the United States
80 Cf. on this Dorothee Heisenberg, Negotiating Privacy, The European Union, the United
States, and Personal Data Protection, Boulder/London 2005, p.37, 42–48.
81 See for a general overview Dorothee Heisenberg, Negotiating Privacy, The European Union,
the United States, and Personal Data Protection, Boulder/London 2005, p.139 et seqq.
372 Stephanie Schiedermair
and South Africa.
It is undisputed that with increasing international interrela-
tions data protection is becoming a global issue, what conjures up a pressing
need for harmonization between the States. Whether this harmonization can be
reached depends substantially on the question if the diﬀerences in the compara-
tively homogeneous legal systems of Europe and the United States will be
resolved. First cornerstones for a bridge over the Atlantic are laid – to create
sustaining piers it remains a long way oﬀ.
82 Cf. the list of signatory states: http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?
NT=185&CM=8&DF=&CL=ENG (Mai 24, 2011).
Data Protection – is there a bridge across the Atlantic?