In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector-Based Codes of Conduct

41 Pages Posted: 11 Feb 2014

See all articles by Dennis D. Hirsch

Dennis D. Hirsch

Ohio State University (OSU) - Michael E. Moritz College of Law; Capital University Law School

Date Written: December 1, 2013


The movement of personal data across national borders is fundamental to the Internet economy. Yet the laws that govern such data flows remain national or, at best, regional. This mismatch weakens privacy protection, increases costs and uncertainty for business, creates tension and political strife between major trading partners such as the US and the EU, and confronts global privacy managers with difficult challenges. These problems have made the harmonization of national and regional privacy laws a very hot topic in privacy law and policy today. Several initiatives have sought to achieve such harmonization, but none has proven satisfactory.

This article proposes a relatively simple and elegant solution: internationally-approved, industry codes of conduct. The European Union and the Asia-Pacific Economic Cooperation (APEC) organization have each established privacy rules for their respective region. The proposed solution would take advantage of these existing arrangements. It would work as follows. An industry sector would draft a privacy code of conduct that fulfilled the core requirements of the EU and APEC regional privacy regimes. It would then submit the same code to the relevant authority in each system. If each approved the terms of the code, then firms that met those terms could feel quite confident that their activities complied with EU and APEC-region legal requirements. The approved code would function as a nearly global set of privacy rules.

The Article provides a fuller exposition of this proposal, situates it in regulatory theory, and explains how it fits with current legal frameworks. It shows that existing privacy law regimes already contain many of the pieces needed to support the proposed approach. It identifies the legal reforms that will be required in order to make this solution work, and so to come closer to that Holy Grail of privacy law: harmonized, global privacy rules.

Keywords: privacy law, data protection law, international law, global governance, harmonization, code of conduct, multi-national corporation, administrative law

JEL Classification: F23, F42, H11, K20, K23, K33, L52, L86, M14, O33, O38

Suggested Citation

Hirsch, Dennis, In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector-Based Codes of Conduct (December 1, 2013). Ohio State Law Journal, Vol. 74, No. 6, 2013, Available at SSRN:

Dennis Hirsch (Contact Author)

Ohio State University (OSU) - Michael E. Moritz College of Law ( email )

55 West 12th Avenue
Columbus, OH 43210
United States

Capital University Law School ( email )

303 East Broad St.
Columbus, OH 43215

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics