Overcoming the Gulf in U.S. and European Business “Civilizations”

In a recent interview with an American journalist in New York, I was welcomed with these words: “Mrs. Reding, President Reagan once said, ‘The nine most terrifying words in the English language are: I’m from the government and I’m here to help.’”

That quote actually pinpoints the difference between the United States and Europe. In Europe, people would say, thank God, there is a government — to make laws and to protect us against the transgressions of industry.

I admit, there is some truth to the old saying that, in the United States, you can basically proceed unless something is explicitly forbidden — while in Europe, you can proceed only if it is expressly allowed. That, too, is a big difference between the two. This applies notably to the protection of personal data.

And there is another difference that is enormous. In Europe, we have our bill of rights, our Charter of Fundamental Rights.

Passed in 1990, the charter stipulates in its Article 8 that any personal data belongs to the individual — and to no one else. It is his or her private property. This fundamental right also applies in all EU member states. That is why we have a federal, EU-wide law on data protection.

For Europeans, data protection is a fundamental right, a basic achievement of civil rights in Europe. And it guides all behavior in society, in government and throughout the economy. In marked contrast to Europe, there is no federal blanket law on data protection in the United States.

Whom to trust?

The Snowden affair is widely seen by Europeans as proof of the viability and relevance of that fundamental right. The dimension of the U.S. data gathering makes clear that data-protection is essential to preserve the rights of citizens.

Even before the Snowden affair, 70% of Europeans believed that companies misuse their personal data. They tend to trust government because they know our laws are very strict — and governments have to respect them. But when it comes to companies, trust is fading.

So what was the reaction after Snowden? It was very simple: Do not entrust your data anymore to any American company. The result of a loss in trust is simply a loss in revenues of American companies dealing with data. They have seen their revenues falling down by up to 25% in Europe.

Analysts say that cloud-computing providers from the United States are going to lose roughly $30 billion euros in business until 2016. The reaction of European and U.S. companies to answer the concerns of EU citizens is to build cloud-computing facilities in Europe.

True, in that process we risk the balkanization of the cloud industry, which I do not think is a good thing. But U.S. companies must understand and respect the cultural diversity before they start doing business in a given market. Respect the law of the land. That’s absolutely essential.

In this context, there is a real opportunity to build a strong company on the basis of offering true data protection and cyber security. Data protection is the business model of the future. There is a whole world of business waiting for any company that seizes that opportunity.

Hero or wake-up call?

I am also often asked by my U.S. interlocutors whether we Europeans see Edward Snowden as a hero. My answer is: he is no hero — but he surely has given us all a much-needed wake-up call.

After the Snowden affair, President Obama pledged solid reforms in the field of security handling and privacy rights. The problem is that in the U.S. political system there is a wide gap between speech and action.

The U.S. government has a hard time getting laws passed. It is much easier in Europe to do so. One of the reasons being that the freely elected European Parliament is not under the direction of corporate money, as is the case in this part of the world.

The European Parliament, as a rule, votes the laws that the executive — the European Commission — presents. It is a partner when it comes to protecting European citizens and their rights.

The rule of law, pure and simple

Interestingly, EU companies also tend to approve of what we are doing. Why? Because EU legislation provides them with a level playing field for an entire continent. If you take all of the 28 nations together, they form the biggest economy in the world today.

European legislation gets rid of the barriers — so that industries have easier access to a borderless continental market. One rule for one continent — and no longer a patchwork of 28 different national data protection laws. This is what I call a real market opener.

The message to companies from outside of Europe is clear: “You can have a goldmine of 507 million potential customers at your disposal — the European single market — if only you play by the European rules.”

Frankly, the fact that I even have to give that message is worrying. Imagine that I come here, to the United States to operate a business — and I decide not to apply American law. I would most likely be facing American justice and end up behind bars, rightly so.

All companies operating in Europe or directing their services to Europe have to apply European law. This has been most recently confirmed by the European Court of Justice — our very own ‘Supreme Court’ — in its landmark ruling against Google.

We stand for the strict implementation of European law for all companies, European and American, big and small. Each company that works on European soil has to apply European law. It is simple as 1,2, 3. Respecting rules is about fair competition, a principle cherished and promoted on both sides of the Atlantic.

There is another big difference between the United States and Europe. In Europe, data protection is a fundamental right. It is granted regardless of the nationality or place of residence. If you, as an American, come to Europe and you feel that your rights to your privacy rights have been infringed, you can go to a European court to seek redress.

If I, as a European, come to the United States and presume that my rights have been infringed, I don’t have the right to go to a court. Because U.S. law limits the access to justice to U.S. citizens and legal permanent resident aliens, other aliens — such as tourist visitors — are denied judicial redress.

Changing this unfair treatment is one of the key elements that I am negotiating with my U.S. counterparts in the framework of an EU-U.S. data protection agreement for police and law enforcement purposes. There should be judicial redress for Europeans in the United States the same way there is redress for Americans in Europe. We are no aliens.

Competition — instead of regulation?

Another proposition I often hear from Americans is: Why not let competition in the marketplace take care of problems? If Europe chooses to regulate companies like Google, doing so would intrude on their corporate freedom.

My answer is: Read the latest Google ruling of the European Court of Justice. It confirms the legislation applicable to the continental market. Whether a company is large, as many of the U.S. firms that operate in Europe are, or whether it is small, the rules are for everybody. If you want to operate in a civilized world, you have also to abide by the rules of civilization.

How to move forward?

The trust of consumers and citizens in U.S. companies is fading. How to restore this indispensable trust?

Companies can do so by explaining and showing in practice that they are abiding by the law, and by proving to their customers that effective and protective measures have been put in place to protect the currency with which they operate: citizens’ data.

That message is being heard. At present, there are many U.S. corporations that are, for instance, establishing their cloud on European soil. Having secure storage facilities on European soil has become a selling argument. A new business model is scaling up, it is interesting and promising.

In short, our American friends who are keen on doing business in Europe would see their fortunes increase vastly if, instead of investing millions into lobbying against European laws, they invested this money into a new business model that abides by European laws.

Following that strategy will be a smarter business model given them legal certainty and enabling them to yield steady revenues and profits.

As to Europe’s future: I want to help make this a strong continent — one confident about its rules and its freedoms. One in which it is not the power of a company that matters but the power of the law, the European law. I want to make Europeans proud to be free people, who can count on their government to protect them, and I want to help reinforce our capacity to protect our citizens.