Skip to main content Accessibility help
×
Home

The Limitations of European Data Protection As A Model for Global Privacy Regulation

  • Shannon Togawa Mercer (a1)
  • View HTML
    • Send article to Kindle

      To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

      Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

      Find out more about the Kindle Personal Document Service.

      The Limitations of European Data Protection As A Model for Global Privacy Regulation
      Available formats
      ×

      Send article to Dropbox

      To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

      The Limitations of European Data Protection As A Model for Global Privacy Regulation
      Available formats
      ×

      Send article to Google Drive

      To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

      The Limitations of European Data Protection As A Model for Global Privacy Regulation
      Available formats
      ×

Abstract

  • An abstract is not available for this content so a preview has been provided below. To view the full text please use the links above to select your preferred format.

Copyright

This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.

Footnotes

Hide All

Thanks to Danielle Keats Citron, Gráinne de Burca, Quinta Jurecic, Julie Rheinstrom, Alan Rozenshtein, Eve-Christie Vermynck, and Tom Williams for comments on earlier drafts.

Footnotes

References

Hide All

1 See, e.g., Paul M. Schwartz, Global Data Privacy: The E.U. Way, 94 N.Y.U. L. Rev. 771 (2019); Mark Scott & Lauren Cerulus, Europe's New Data Protection Rules Export Privacy Standards Worldwide, Politico (Jan. 31, 2018).

2 See, e.g., Anupam Chander et al., Catalyzing Privacy Law (U. Colorado Law Legal Studies Research Paper No. 19-25, 2019); see generally James Q. Whitman, The Two Western Cultures of Privacy: Dignity Versus Liberty, 113 Yale L.J. 1151 (2004); Greg St. Martin, We Know You're Not Reading All Those G.D.P.R.-Related Privacy Policy Emails. Maybe You Should., News@Northeastern (May 22, 2018).

3 The History of the General Data Protection Regulation, Eur. Data Prot. Supervisor; see also General Data Protection Regulation Incorporated into the EEA Agreement, Eur. Free Trade Ass'n.

4 See generally Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995 O.J. (L 281) 31.

5 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. Article 3 (L 119) 1 [hereinafter GDPR].

6 See CNIL's Restricted Committee Imposes a Financial Penalty of 50 Million Euros Against Google LLC (Jan. 21, 2019).

7 UK Information Commissioner's Office, Press Release, Intention to Fine British Airways £183.39m Under GDPR for Data Breach (July 8, 2019); see also UK Information Commissioner's Office, Statement, Intention to Fine Marriott International, Inc More than £99 Million Under GDPR for Data Breach (July 9, 2019).

8 Schwartz, supra note 1, at 4, 30.

9 Id. at 6.

10 Id. at 1.

11 See generally The White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (Feb. 2012).

12 Chander et al., supra note 2, at 54.

13 For a critical analysis of the federal and state privacy law systems in the United States, see generally Bilyana Petkova, The Safeguards of Privacy Federalism, 20 Lewis & Clark L. Rev. 595 (2016).

14 See, e.g., Paul M. Schwartz & Karl-Nikolaus Peifer, Transatlantic Data Privacy Law, 106 Geo. L.J. 115, 120 (2017).

15 Chander et al., supra note 2, at 12.

16 See, e.g., Griswold v. Connecticut, 381 U.S. 479 (1965). See generally Samuel Warren & Louis Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890); William Prosser, Privacy, 48 Cal. L. Rev. 383 (1960); and the California Law Review Symposium on Prosser's Privacy at 50, Vol. 98, No. 6 (Dec. 2010).

17 Chander et al., supra note 2, at 13.

18 See Lindsey Barrett, Confiding in Con Men: U.S. Privacy Law, the GDPR and Information Fiduciaries, 42 Seattle U. L. Rev. 1057, 1059 (2019); see also Danielle Keats Citron, The Privacy Policymaking of State Attorneys General, 92 Notre Dame L. Rev. 747 (2016); Schwartz & Peifer, supra note 14, at 120; Anu Bradford, The Brussels Effect, 107 Northwestern U. L. Rev. (2012), supra note 12, at 22–23.

19 See generally Wesley Newcomb Hohfeld, Fundamental Legal Conceptions as Applied in Judicial Reasoning and Other Legal Essays, 26 Yale L.J. 710 (1917).

20 Neil M. Richards & Woodrow Hartzog, Privacy's Constitutional Moment 61 B.C. L. Rev. [2], [54] (forthcoming 2020).

21 Chander et al., supra note 2, at 24–37.

22 Id. at 14–15.

23 Id. at 18–19.

24 See Jack M. Balkin, Information Fiduciaries and the First Amendment, 49 U.C. Davis L. Rev. 1183, 1205 (2016).

25 See, e.g., Jack M. Balkin & Jonathan Zittrain, A Grand Bargain to Make Tech Companies Trustworthy, Atlantic (Oct. 3, 2016); see also Barrett, supra note 18. But see Lina Khan & David Pozen, A Skeptical View of Information Fiduciaries, 133 Harv. L. Rev. 497 (2019).

26 See Jill Cowan, How Much Is Your Data Worth?, N.Y. Times (Mar. 25, 2019).

27 European Commission, Press Release, Speech by European Commissioner Vera Jourova on the EU-US Digital Cooperation: A Common Response to Tech Challenges, Brookings Inst. (Apr. 11, 2019).

28 Kartikay Mehrotra et al., Google and Other Tech Firms Seek to Weaken Landmark California Data-Privacy Law, L.A. Times (Sept. 4, 2019).

29 See Daniel Castro & Michael McLaughlin, The GDPR Will Make Your Online Experience Worse, Fortune (May 23, 2018); Oliver Smith, The GDPR Racket: Who's Making Money from This $9bn Business Shakedown, Forbes (May 2, 2018); Tim Worstall, Is GDPR Worth the Cost?, ComputerWeekly (June 5, 2019).

30 See Nina Trentmann, Data Protection Concerns Upend M&A Plans, Wall St. J. (Nov. 13, 2018).

31 30% of European Businesses Are Still Not Compliant with GDPR, RSM Global (July 22, 2019).

32 Mahotra et al., supra note 28.

33 Laurence Dodds & Olivia Rudgard, Is Europe Winning the Argument on How to Regulate Big Tech?, Telegraph (July 6, 2019).

34 GDPR, supra note 5, arts. 22, 13, 14.

35 See Forbes Insights with Intel AI, Rethinking Privacy for the AI Era, Forbes (Mar. 27, 2019).

36 See, e.g., Heather Long, In Davos, U.S. Executives Warn that China Is Winning the AI Race, Wash. Post (Jan. 23, 2019).

37 Bhaskar Chakravorti, Why the Rest of the World Can't Free Ride on Europe's GDPR Rules, Harv. Bus. Rev. (Apr. 30, 2018).

38 See, e.g., Prashant Reddy T., Should There Be a “Developing Country” Template for Data Protection Legislation?, The Wire (May 17, 2018); Leonid Bershidsky, Europe's Privacy Rules Are Having Unintended Consequences, Bloomberg Opinion (Nov. 14, 2018); Jedidiah Yueh, GDPR Will Make Big Tech Even Bigger, Forbes (June 26, 2018).

39 See Jennifer Baker, What Does the Newly Signed “Convention 108+” mean for UK Adequacy?, Int'l Ass'n of Privacy Professionals (Oct. 30, 2018).

40 Shannon Togawa Mercer, Sorting Through GDPR: What to Watch After May 25, Lawfare (May 25, 2018).

Thanks to Danielle Keats Citron, Gráinne de Burca, Quinta Jurecic, Julie Rheinstrom, Alan Rozenshtein, Eve-Christie Vermynck, and Tom Williams for comments on earlier drafts.

The Limitations of European Data Protection As A Model for Global Privacy Regulation

  • Shannon Togawa Mercer (a1)

Metrics

Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed