Archives

Christopher Wolf, Delusions of Adequacy? Examining the case for finding the US adequate for cross-border EU-US data transfers

By privacylaw | Posted on

Christopher Wolf, Delusions of Adequacy?  Examining the case for finding the US adequate for cross-border EU-US data transfers

Comment by: Joel Reidenberg

PLSC 2013

Workshop draft abstract:

The Council and the European Parliament have given the European Commission the power to determine, on the basis of Article 25(6) of directive 95/46/EC whether a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. The effect of such a decision is that personal data can flow from the 27 EU countries and three EEA member countries (Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary.  The Commission so far has recognized Andorra, Argentina, Australia, Canada, Switzerland, Faeroe Islands, Guernsey, State of Israel, Isle of Man, Jersey as providing adequate protection.  The Commission has not recognized the privacy framework of the United States as adequate, although it has accepted the US Department of Commerce’s Safe harbor Privacy Principles, and the transfer of Air Passenger Name Record to the United States’ Bureau of Customs and Border Protection.  Despite the elaborate process in the European Union for considering the adequacy of a national privacy framework, the Commission has overlooked essential elements of the US framework that from an objective standard of adequacy should result in a positive finding, and the elimination of burdensome and expensive additional requirements for cross-border transfers of data.  With the possible advent of a new EU General Data Protection Regulation, and the potential for even greater restrictions on cross-border transfers to “non-adequate” nations, this paper reviews the elements of the US framework that entitle the US to a finding of adequacy and shows, with respect to certain data and as to security breaches — one of the most significant threats to privacy — that the US framework is in fact more protective than that in the EU.  The paper acknowledges shortcomings in the frameworks on both sides of the Atlantic, and compares the approaches to improving the frameworks, but concludes that the shortcomings in the US system, real or perceived, are insufficient justification for a refusal by the European Commission to find the US framework adequate.  The paper concludes that the goals of international cooperation, of improving privacy and data protection, of interoperability and of coordinated enforcement will be furthered by the recognition of the US framework as adequate.

Joel Reidenberg, Privacy in Public

By privacylaw | Posted on

Joel Reidenberg, Privacy in Public

Comment by: Franziska Boehm

PLSC 2013

Workshop draft abstract:

The existence and contours of privacy in public are in a state of both constitutional and societal confusion.  As the concurrences in U.S. v. Jones suggested, technological capabilities and deployments undermine the meaning and value of the 4th Amendment’s third-party and ‘reasonable expectation of privacy’ doctrines.  The paper argues that the conceptual problem derives from the evolution of four stages of development in the public nature of personal information.  In the first stage, the obscurity of information in public provided protection for privacy and an expectation of privacy.  In the second stage, accessibility begins to erode the protection afforded by obscurity.  The third stage, complete transparency of information in public, erases any protection through obscurity and undercuts any privacy expectations.  Finally, the fourth stage, publicity of information, or the affirmative disclosure and dissemination of information, destroys traditional notions of protection and expectations.   At the same time, publicity without privacy protection undermines constitutional values of public safety and fair governance.   The paper argues that activity in public needs to have privacy protection framed in terms of ‘public regarding’ and ‘non-public regarding’ acts.

Andrea Matwyshyn, Digital Childhood

By privacylaw | Posted on

Andrea Matwyshyn, Digital Childhood

Comment by: Joel Reidenberg

PLSC 2011

Workshop draft abstract:

The Children’s Online Privacy Protection act suffers from numerous shortcomings. Perhaps the most notable of these deficiencies is the lack of statutory coverage for children over the age of thirteen but below the legal age of contractual capacity.   This article argues that as a matter of contract theory and doctrine, children under the legal age of contractual capacity retain the right to ask that all contracts relating to their conduct online be deemed voidable.   As such, when a minor asks that an agreement (for a non-necessity) be set aside on the basis of lack of capacity, the other party can no longer derive benefit from the consideration paid by the minor, including her information.   A duty of deletion then pertains to the holders of the minor’s information as a matter of contract law.

Joel R. Reidenberg, Transparent Citizens and the Rule of Law

By privacylaw | Posted on

Joel R. Reidenberg, Transparent Citizens and the Rule of Law

Comment by: Rebecca Hulse

PLSC 2010

Workshop draft abstract:

This essay explores the erosion of the boundary between public and private information on the Internet.   The thesis is that the transparency of personal information available online erodes the rule of law in three ways.  First, the transparency of personal information that is created by private sector activities enables government to collect and use personal information available from the private sector in ways that side step political and legal checks and balances. Second, technical self-help in the development of network infrastructure that seeks to assure complete anonymity online may used by individuals and groups to evade legal responsibility and the rule of law.   And third, the transparency of personal information puts national security and legal institutions at risk in ways that will jeopardize faith in the rule of law. The essay concludes with a discussion of governance implications and norms.