At a recent European Union (EU) sponsored conference on privacy regulations, reports from businesses, media outlets, trade unions, and four EU nations demonstrated why the United States should not follow Europe’s pro-regulatory path in protecting privacy.

Ever since the EU’s Data Protection Directive took effect in 1998, pro-regulation privacy advocates have been trying to convince the US and the rest of the world to adopt the European model. Now that the model has been operational for a few years, the excessive costs of strong privacy regulations are apparent, but privacy worries remain high. This has led to critiques from some unexpected places.

Indeed, it came as a surprise when Austria, Finland, Sweden, and the United Kingdom - countries not generally critical of government intervention - told the European Commission (EC) that there needs to be “a better balance” between individual privacy and the free flow of information.

The countries highlighted many problems with the directive, including “complex and burdensome” procedural requirements and “resource-intensive” consumer data access rules that add “little to the protection of individuals’ rights.” The European Publishers’ Council (EPC), a group of European media organizations, agreed.

“It is not uncommon for data access requests to involve 2 to 5 days work of several people,” the EPC said, and in some cases the request is “a fishing exercise to establish whether any claim for damages might be assembled.”

Conference organizers received numerous submissions detailing the undue costs to consumers and businesses of strict privacy regulations, such as having to notify someone when their business card information is entered into a database or, as the Information Security Forum intoned, the high fees for the new “empire of advisors” on privacy matters. But perhaps the most significant costs affecting everyone are the barriers to trade that Europe’s regulations create.

For instance, German industry group Bundesverband der Deutschen Industrie, explained that “procedures for the transfer of personal data to both EU and non-EU countries often cause too much effort” and “business transactions occasionally break down because of the high requirements placed on this transfer in both cases.” US firms have long complained of these problems, but perhaps now that EU organizations and the governments of Austria, Finland, Sweden, and the UK are weighing in, the European Council will listen.

It’s important to realize that regulation-induced trade barriers exist even as companies make strong efforts to meet privacy requirements. And as the German group mentions, it’s a problem within the EU market too. That’s unfortunate because one of the purposes of the directive was to harmonize European privacy laws. Instead, the patchwork of legislation seems to have grown, even upsetting trade unions.

The Statstjänstemannaförbundet (ST), a Swedish union of civil servants, recounted how the directive created difficulties in handling insurance issues for its members. Obtaining “consent” to use member information under the directive is “scarcely feasible,” they insisted. The ST also cited serious concerns about freedom of expression.

Strong privacy rules restrict freedom of expression because they restrict communication of facts - and the EU is learning first-hand what that means. According to the European Newspaper Publishers’ Association, “data protection legislation has decreased the flow of information to the public. The police and other public authorities have relied upon the data protection principles as an excuse not to make public information that was previously made publicly available or passed on to the press.”

With all these problems and costs, it’s becoming clear that mandated privacy protection in Europe isn’t satisfying anyone. According to a study last year by the nonprofit, Europe-based Consumers International, self-regulated US web sites were better at protecting privacy than their government-regulated European counterparts.

There have also been reports that despite, or maybe because of, EU information rules, many businesses are not complying with the privacy laws. Perhaps that’s why a recent EU poll showed that European consumers are afraid that their personal data will be misused when they buy products or services online.

Protecting privacy is important, but information exchange is also a necessary part of a thriving economy and a properly functioning democracy. The lesson that US lawmakers should take from the EU’s experience is that overly strict data regulations will waste resources, reduce commerce, and suppress of speech while providing few true privacy gains.

Instead, the US should continue to allow consumers to decide their own level of privacy protection by using privacy-protecting technologies and by voting with their wallets. That is the best path to privacy solutions.

Sonia Arrison is director of the Center for Technology Studies at the California-based Pacific Research Institute and author of Consumer Privacy: A Free Choice Approach. ePolicy commentaries examine the latest technology policy news from a free market perspective. A version of this article originally appeared in Cnet news on October 23, 2002.