Understanding American Privacy
Research Handbook on Privacy and Data Protection Law: Values, Norms and Global Politics, Gloria González Fuster, Rosamunde van Brakel and Paul De Hert (eds.), Edward Elgar Publ'g 2018 (Forthcoming)
25 Pages Posted: 22 Oct 2018
Date Written: September 28, 2018
Abstract
This Article is an explanation of some of the key features of American privacy law for a general audience. In particular, it tries to explain American privacy law against the critique that because the US currently lacks a European-style privacy law, the United States lacks much in the way of privacy law. We argue that the lack of a European-style data protection law in the United States is not be the end of the analysis. This article therefore offers a basic roadmap to American privacy law for the uninitiated. In order to understand American privacy, we believe that it is important to understand five of its guiding principles. First, American privacy law is bifurcated into two discrete regulatory regimes – one covering the government and the other covering the private sector of individuals, corporations, and other institutions. Second, American privacy law takes a sectoral or sectorized approach, meaning that rather than having a federal omnibus privacy or data protection law, U.S. law regulates particular sectors of human activity in a way that is both piecemeal and more specific where it applies. Third, it is impossible to understand American privacy without taking account of the role of the Federal Trade Commission, a consumer protection regulator that is more than a century old, and which functions something like a data protection authority with a limited but general authority over trade practices that are unfair or deceptive. Fourth, American privacy law is federalized: both the national government and the fifty state governments have passed privacy laws. In this regime, national (“federal”) law is supreme where it applies, but the state privacy laws remain very important, particularly those of California which has been an aggressive privacy regulator. Fifth, and finally, questions of privacy harm run throughout American privacy law, both as a threshold question required for private litigants to sue, again at the level of damages, as well as in the class certification process for private enforcement in the United States. Once these five principles are appreciated, the body of American privacy law – its system of protections for personal information, as well as the numerous enforcement avenues that exist, – become much easier to appreciate, and American privacy law becomes much more comprehensible.
Suggested Citation: Suggested Citation