The European Data Protection Directive is often considered the Internet Privacy Global Standard, but this in only partially true. While the European Union sets a formal global standard, the 1995 Data Protection Directive has two loopholes that Internet companies exploit to set the effective global standard for internet privacy. The United States and Ireland have become safe harbours for Internet companies to collect and process Europeans' personal data without being subject to the stringent laws and regulations of some continental European countries. Companies, and not the European Union or governments, are the ones that set the effective global standard of internet privacy.
Keywords: Internet privacy, European Union, Data Protection Directive, safe harbour