The introduction of the European Union’s Data Privacy Directive in 1995 presented a host of challenges for U.S. companies doing business in Europe. While the United States took a sectoral approach to data privacy based on self-certification and compliance, the EU adopted a broad prohibition on the transfer of personal data regardless of industry, with rights of action for negatively affected individuals. The revelations in the last year that the U.S. has been clandestinely collecting data on Europeans has not …