America's big technology companies are negotiating the details of a new privacy system called "Do Not Track," to let people shield their personal data on websites. There's no deal yet, but people inside the talks say the main reason American companies are even considering "Do Not Track" is the pressure they're feeling from Europe.
Jacob Kohnstamm, a European privacy regulator, has been on a tour of Silicon Valley, and his message to America's tech giants is, respect European privacy rules — or else.
"Enforcement actions against them will be taken," Kohnstamm says.
Not only should people be allowed to block websites from collecting and keeping their data, he says, but that should be the default setting — on European browsers, at least. Talking from a phone inside the headquarters of Facebook, Kohnstamm is in no mood to let Americans decide everything about the Internet.
"To say American companies rule this world could be a very dangerous sort of thinking," he says.
American companies are feeling the heat. "I can tell you as somebody who's around these companies every day that they're creating untold benefits to both our economy and to consumers, and it'd be a shame if the Europeans want to limit those benefits," says Stu Ingis, a lawyer for the Digital Advertising Alliance.
That argument plays well in Washington, D.C., where politicians don't want to be accused of killing jobs or hampering innovation. The Obama administration's recent privacy proposals, for instance, are being developed in consultation with the online advertising industry. In Brussels, the attitude is more adversarial.
Take a slick, public service video produced by the European Commission. It shows people happily surfing the Web, buying things online, but when they hit enter, their clothes fly off. The ad's tagline goes, "Online, you reveal more than you think." It's hard to imagine the U.S. government making an ad like that.
"The European approach to privacy is that it's potentially a very unequal relationship," says Chris Docksey, director of the European Data Protection Authority. Though Docksey says these are his personal opinions, not those of his office. He says Americans regard online privacy as take-it-or-leave-it — if you want Gmail, you just click "I Accept."
"Whereas in Europe, your consent has to be real and informed and there mustn't be a disequilibrium," Docksey says. "If there is, then the consent may be incapable of being given."
Earlier this year, EU Justice Commissioner Viviane Reding announced new privacy legislation that would impose hefty fines on rule breakers.
"It will make Europe the worldwide standard-setter for a digital market and for data protection," she said.
That's the last thing American companies want, especially in a global data-collection industry that they dominate — at least for now. If European rules become the global standard, says privacy law expert Jane Winn, then European companies may not be far behind.
"If somebody can seize control of global arenas, then their domestic industry gets a leg up, because they only have to cope with one system," she says.
Winn says Europeans have sincere cultural reasons for tougher privacy rules, but they're also not opposed to gumming up the Americans' online business model, which trades free services for users' personal data.
"The American companies feel an entitlement to collect this information," Winn says. "And so culturally, it's hard for them to shift gears. Once you feel that you've had something, it's much more difficult to give it up than it is to live in a world where it's not available."
The "cheap data" fueling American tech companies is sometimes compared to the cheap gasoline that used to fuel the American auto industry. Like Detroit, the argument goes, Silicon Valley isn't likely to change its business model until it's forced to — by events outside the U.S.