THE ADEQUACY OF PRIVACY - THE EUROPEAN-UNION DATA PROTECTION DIRECTIVE AND THE NORTH-AMERICAN RESPONSE

The recently passed European Directive on the Protection of Personal D ata aims to harmonize European data protection law at a higher level o f protection than exists now. Ir represents a European consensus an a standard for personal privacy and a model for countries without data p rotection laws. The protracted process for agreement and ratification, however, has produced a document with many derogations and ambiguitie s, reflecting the wider moves towards ''subsidiarity'' within the Euro pean Union. Of concern to North America is the stipulation that transb order data flow may not be permitted unless the receiving country can demonstrate an ''adequate'' level of protection. While the process thr ough which this provision will be interpreted and applied is so far fo und to be complicated and unclear, nevertheless European authorities w ill be reluctant to tolerate ''data havens'' a fact that should concer n North American business that relies on the unimpeded flows of person al data from and to Europe. Neither Canada nor the United States can c laim ''adequate'' data protection according to the European standard. However Canadian efforts through the Canadian Standards Association an d the Federal Information Highway Advisory Council signal an attempt t o fashion a more comprehensive policy framework for privacy than the m ore incremental and reactive approach of the United States. This diver gence is explained by key cultural, economic, and political factors wi thin Canada, which have caused a different reaction to the extraterrit orial effects of the European Union's Data Protection Directive.