Transatlantic Data Privacy

65 Pages Posted: 9 Nov 2017

See all articles by Paul M. Schwartz

Paul M. Schwartz

University of California, Berkeley - School of Law

Karl-Nikolaus Peifer

University of Cologne - Faculty of Law

Date Written: November 7, 2017


International flows of personal information are more significant than ever, but differences in transatlantic data privacy law imperil this data trade. The resulting policy debate has led the EU to set strict limits on transfers of personal data to any non-EU country—including the United States—that lacks sufficient privacy protections. Bridging the transatlantic data divide is therefore a matter of the greatest significance.

In exploring this issue, this Article analyzes the respective legal identities constructed around data privacy in the EU and the United States. It identifies profound differences in the two systems’ images of the individual as bearer of legal interests. The EU has created a privacy culture around “rights talk” that protects its “data subjects.” In the EU, moreover, rights talk forms a critical part of the postwar European project of creating the identity of a European citizen. In the United States, in contrast, the focus is on a “marketplace discourse” about personal information and the safeguarding of “privacy consumers.” In the United States, data privacy law focuses on protecting consumers in a data marketplace.

This Article uses its models of rights talk and marketplace discourse to analyze how the EU and United States protect their respective data subjects and privacy consumers. Although the differences are great, there is still a path forward. A new set of institutions and processes can play a central role in developing mutually acceptable standards of data privacy. The key documents in this regard are the General Data Protection Regulation, an EU-wide standard that becomes binding in 2018, and the Privacy Shield, an EU–U.S. treaty signed in 2016. These legal standards require regular interactions between the EU and United States and create numerous points for harmonization, coordination, and cooperation. The GDPR and Privacy Shield also establish new kinds of governmental networks to resolve conflicts. The future of international data privacy law rests on the development of new understandings of privacy within these innovative structures.

Keywords: privacy, data protection, EU law, comparative law, constitutional law, contracts, human rights

Suggested Citation

Schwartz, Paul M. and Peifer, Karl-Nikolaus, Transatlantic Data Privacy (November 7, 2017). 106 Georgetown Law Journal 115 (2017), UC Berkeley Public Law Research Paper, Available at SSRN:

Paul M. Schwartz (Contact Author)

University of California, Berkeley - School of Law ( email )

Boalt Hall #7200
Berkeley, CA 94720-7200
United States

Karl-Nikolaus Peifer

University of Cologne - Faculty of Law ( email )


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics