The European Commission’s release in late January 2012 of its proposed "General Data Protection Regulation" provides a perfect juncture to assess the ongoing EU-U.S. privacy collision. An intense debate is now occurring around critical areas of information policy, including the rules for lawfulness of personal processing, the "right to be forgotten," and the conditions for data flows between the EU and the United States.
This Article begins by tracing the rise of the current EU-U.S. privacy status quo. The 1995 Data Protection Directive staked out a number of bold positions, including a limit on international data transfers to countries that lacked "adequate" legal protections for personal information. The impact of the Directive has been considerable. Yet, the United States proves an outlier to the story of international information privacy law. As an initial matter, the EU is skeptical regarding the level of protection that U.S. law actually provides. Moreover, despite the important role of the United States in early global information privacy debates, the rest of the world has followed the EU model and enacted EU-style "data protection" laws. At the same time, the aftermath of the Directive has seen ad hoc policy efforts between the United States and EU that have created numerous paths to satisfy the EU’s requirement of "adequacy" for data transfers from the EU to the United States.