Few topics are more sensitive for Web users, or more likely to raise concerns in the corridors of Facebook or Google, than how to regulate privacy.
For years the United States and Europe, with around 700 million Internet users between them, have diverged in their approach to policing the Web.
But the two sides are converging in their Web privacy positions, partly through intensive meetings in recent months between regulators from Washington and Brussels.
There are still many specifics to be worked out – final legislative proposals are not expected from the European Union until later this year and the United States in June or July – but officials are confident about steadily narrowing the gap.
"Until recently there was a common belief that our approaches on privacy differed so much that it would be difficult to work together," the EU's justice commissioner, Viviane Reding, said in a recent speech.
"This can no longer be argued."
Experts from both sides gathered again in Brussels last week. Afterwards the US ambassador to the EU, William Kennard, mirrored Reding's thoughts, saying differences between the two sides had been overstated.
"People in Europe thought we were not as concerned as we are about updating our privacy laws," he said, adding that the US has now made its support of stronger privacy rules clear.
The crux of the issue for Europe comes down to delivering strict measures to protect individuals, so that companies must, for example, respect an individual's "right to be forgotten" – ensuring that their data are erased if they so wish.
The United States has tended to prefer giving companies responsibility for policing themselves, with the obligation to sign up to codes of conduct, not to meet specific legislation.
Regulators on both sides say they have moved closer to a common position following US President Barack Obama's endorsement this month of a "privacy bill of rights," which officials hailed as the first time in 40 years that a US administration had backed new baseline privacy protections.
Levelling the Internet
The goal of convergence is two fold: to aim for a level playing field that minimises "regulatory arbitrage", and to ensure that Web-based companies have clear guidelines, allowing them to grow globally without legislative surprises.
That is particularly important as the Internet becomes an ever larger part of the economy – recent figures from Google indicate that 10% of British gross domestic product will be generated from the Web by 2015, for example.
Yet despite the bullish talk from American and European officials, some privacy experts remain concerned about how political rhetoric, such as the EU's "right to be forgotten", will eventually be translated into concrete policies.
Paolo Balboni, executive director of the European Privacy Association, says he is concerned about how the EU will enforce Reding's declaration this month that all websites targeting EU citizens must adhere to EU laws.
"How will they know if a company is indeed targeting EU citizens?" he asked. "Are they going to oblige end users to identify themselves?"
The merit of the principles will lie in whether they are practically enforceable, he said.
Another open question is how the EU will regulate transparency in Internet privacy.
While the EU wants websites to require user-consent every time their data is used, consent forms tend to be long and difficult to understand, and the EU has remained tight-lipped on what user consent will look like.
In its effort to narrow gaps, the EU is considering how elements of US-style self-regulation could be integrated into its Internet privacy regime without losing legal rigidity.
While both sides are emphasising the strides they have made toward convergence, it is clear that differences remain, such as on the EU's right to be forgotten, which clashes with US sensibilities over freedom of information.
And despite all the talk of cooperation, neither side has called for adopting identical policies, suggesting that while the playing field might be levelling, it might not end up flat.
(EurActiv with Reuters.)
