UC Berkeley

U.S. and EU privacy law diverge greatly. At the foundational level, they differ in their underlying philosophy: In the United States, privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions. In the European Union, privacy is hailed as a fundamental right that can trump other interests. Even at the threshold level-determining what information is covered by the regulation-the United States and European Union differ significantly. The existence of personal information- commonly referred to as "personally identifiable information" (PII)-triggers the application of privacy law. The U.S. and the European Union define this essential term of privacy law quite differently. The U.S. approach involves multiple and inconsistent definitions of PII that are often particularly narrow. The EU approach defines PII to encompass all information identifiable to a person, a definition that can be quite broad and vague. This divergence is so basic that it threatens the stability of existing policy mechanisms for permitting international data flows.