In the EU, the “right of access” to one’s personal data has existed for over a decade. The US, on the other hand, seemed to be moving in a vastly different direction. The right of access, sometimes also referred to as “habeas data” basically allows an individual to demand that a data controller show what data the controller possesses as well as how the data has been used. With regard to the latter right, the detail a controller has to provide will vary depending on which Member State’s data protection law is being applied.
A well-known application of this right can be found in the story of Max Schrems, the Austrian law student who challenged Facebook by practicing this right. He subsequently found several thousand actions with his own data which he insists are a violation of EU law. The matter is still on-going and may go all the way to the Court of Human Rights in Luxembourg.
The Electronic Frontier Foundation (EFF) and American Civil Liberties Union of Northern California have recently proposed an amendment to the “Right to Know Act of 2013” which passed on the 1st April 2013. This will allow individuals, in short, to request a copy of their information from companies as well as the ways the information was used. Furthermore, this would have to be provided to the customer within 30 days. In the EU, the deadline tends to vary, however the principle applied in California greatly echoes the approach of EU law.
The EFF has expressed its hope that this would be the first step to increased commercial transparency in the US. It will also bring with it a greater synergy with EU laws, allowing for greater and more efficient cooperation between entities on both sides of the Atlantic.