The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures

126 Harvard Law Review 1966 (2013)

UC Berkeley Public Law Research Paper No. 2290261

44 Pages Posted: 6 Jul 2013

See all articles by Paul M. Schwartz

Paul M. Schwartz

University of California, Berkeley - School of Law

Date Written: May 1, 2013

Abstract

The European Commission’s release in late January 2012 of its proposed "General Data Protection Regulation" provides a perfect juncture to assess the ongoing EU-U.S. privacy collision. An intense debate is now occurring around critical areas of information policy, including the rules for lawfulness of personal processing, the "right to be forgotten," and the conditions for data flows between the EU and the United States.

This Article begins by tracing the rise of the current EU-U.S. privacy status quo. The 1995 Data Protection Directive staked out a number of bold positions, including a limit on international data transfers to countries that lacked "adequate" legal protections for personal information. The impact of the Directive has been considerable. Yet, the United States proves an outlier to the story of international information privacy law. As an initial matter, the EU is skeptical regarding the level of protection that U.S. law actually provides. Moreover, despite the important role of the United States in early global information privacy debates, the rest of the world has followed the EU model and enacted EU-style "data protection" laws. At the same time, the aftermath of the Directive has seen ad hoc policy efforts between the United States and EU that have created numerous paths to satisfy the EU’s requirement of "adequacy" for data transfers from the EU to the United States.

This Article argues that this policymaking has not been led exclusively by the EU, but has been a collaborative effort marked by accommodation and compromise. It then analyzes the likely impact of the Proposed Regulation on Data Protection, which is slated to replace the Directive. The Proposed Regulation threatens to destabilize the current privacy policy equilibrium and prevent the kind of decentralized global policymaking that has occurred in the past. The Proposed Regulation overturns the current equilibrium by heightening certain individual rights beyond levels that U.S. information privacy law recognizes. It also centralizes power in the European Commission in a way that destabilizes the policy equilibrium within the EU, and thereby threatens the current policy processes around harmonization networks. To avert the privacy collision ahead, this Article advocates modifications to the kinds of institutions and procedures that the Proposed Regulation would create.

Keywords: information privacy law, data protection, European Union

JEL Classification: F10, K00

Suggested Citation

Schwartz, Paul M., The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures (May 1, 2013). 126 Harvard Law Review 1966 (2013), UC Berkeley Public Law Research Paper No. 2290261, Available at SSRN: https://ssrn.com/abstract=2290261

Paul M. Schwartz (Contact Author)

University of California, Berkeley - School of Law ( email )

Boalt Hall #7200
Berkeley, CA 94720-7200
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
812
Abstract Views
4,899
Rank
59,824
PlumX Metrics