Skip to main content Accessibility help
×
Home

A Tale of Two Privacy Laws: The GDPR and the International Right to Privacy

  • Vivek Krishnamurthy (a1)
  • View HTML
    • Send article to Kindle

      To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

      Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

      Find out more about the Kindle Personal Document Service.

      A Tale of Two Privacy Laws: The GDPR and the International Right to Privacy
      Available formats
      ×

      Send article to Dropbox

      To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

      A Tale of Two Privacy Laws: The GDPR and the International Right to Privacy
      Available formats
      ×

      Send article to Google Drive

      To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

      A Tale of Two Privacy Laws: The GDPR and the International Right to Privacy
      Available formats
      ×

Abstract

  • An abstract is not available for this content so a preview has been provided below. To view the full text please use the links above to select your preferred format.

Copyright

This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.

References

Hide All

1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1 [hereinafter “GDPR”].

2 See, e.g., Věra Jourová, Eur. Commissioner for Just., Consumers, and Gender, What Next for European and Global Data Privacy?, Address Before the 9th Annual European Data Protection and Privacy Conference (Mar. 20, 2019) (describing the trend in numerous countries toward adopting “an overarching privacy law, with a core set of safeguards and rights, and enforced by an independent supervisory authority,” patterned on the GDPR).

3 International Covenant on Civil and Political Rights, Dec. 16, 1966, 999 UNTS 171 [hereinafter ICCPR].

4 Samuel Warren & Louis Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890).

5 Oliver Digglemann & Maria Nicole Cleis, How the Right to Privacy Became a Human Right, 14 Hum. Rts. L. Rev. 441, 441 (2014).

6 Universal Declaration of Human Rights, Dec. 10, 1948, GA Res. 217 A (III) (1948).

7 European Convention for the Protection of Human Rights and Fundamental Freedoms, Nov. 4, 1950, E.T.S. No. 5 [hereinafter ECHR].

8 Diggleman & Cleis, supra note 5, at 457.

9 Article 17 of the ICCPR states:

  1. 1.

    1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.

  2. 2.

    2. Everyone has the right to the protection of the law against such interference or attacks.

10 Human Rights Committee, General Comment 16 (Thirty-second session, 1994), Compilation of General Comments and General Recommendations Adopted by Human Rights Treaty Bodies, UN Doc. HRI\GEN\1\Rev.1 at 21 (1994) [hereinafter General Comment 16].

11 See generally ICCPR, supranote 3, art. 40. See also Helen Keller & Leena Grover, General Comments of the Human Rights Committee and their Legitimacy, in UN Human Rights Treaty Bodies 129–30 (Helen Keller & Geir Ulfstein eds., 2012).

12 General Comment 16, supra note 10, paras. 3–9.

13 Id. at para. 1.

14 Id.

15 Id. at para. 10 (emphasis added).

16 Every EU member state has ratified the ICCPR. See U.N. Office of the High Commissioner of Human Rights, Status of Ratification Interactive Dashboard (choose “International Covenant on Civil and Political Rights” from the drop-down menu).

17 See, e.g., Lawrence v. Texas, 539 U.S. 558, 564-55 (2003); A, B & C v. Ireland [GC], no. 25579/05, §§243–68, ECHR 2010-VI.

18 The GDPR governs data processing activities by the EU and its member governments in all contexts other than those specifically excluded by Article 2(2).

19 A notable example of this trend is privacy legislation introduced in Washington State earlier this year that was expressly modeled on the GDPR. Washington Privacy Act, H.B. 5376, Reg. Sess. (Wash. 2019). The legislation ultimately failed, however. See Lucas Ropek, Why Did Washington State's Privacy Legislation Collapse?, Gov. Tech. (Apr. 19, 2019). To be sure, the GDPR incentivizes other jurisdictions to adopt similar laws, inasmuch as Article 45 conditions transfers of Europeans’ data to such jurisdictions only if the European Commission has determined that the jurisdictions to provide an “adequate level of protection” for such data.

20 Graham Greenleaf finds that 54 of the 120 data privacy laws in force around the world in 2017 are based on the model established in Europe by the GDPR and its predecessor, the EU Data Directive of 1995. See Graham Greenleaf, Global Data Privacy Laws 2017, 145 Privacy L. & Bus. Int'l. Rep. 10, 11–13 (2017).

21 General Comment 16, supra note 10, para. 10.

22 Health Insurance Portability and Accountability Act of 1996, Pub. L. 104–191 (Aug. 21, 1996).

23 Family Education Rights and Privacy Act of 1974, Pub. L. 90–247 (Aug. 21, 1974).

24 Financial Services Modernization Act of 1999, Pub. L. 106–102 (Nov. 12, 1999) (widely known as the “Graham-Leach-Bliley Act” or GLBA).

25 Video Privacy Protection Act of 1988, Pub. L. 100–618 (Nov. 5, 1988).

26 Peter Swire & DeBrae Kennedy-Mayo, How Both the EU and the U.S. are “Stricter” Than Each Other for the Privacy of Government Requests for Information, 66 Emory L.J. 617 (2017).

27 General Comment 16, supra note 10, para. 1.

28 California Consumer Privacy Act of 2018, 2018 Cal. Stat. ch. 55. (A.B. 375).

29 See, e.g., Carol A.F. Umhoevfer & Tracy Shapiro, CCPA vs. GDPR: The Same, Only Different, DLA Piper (Apr. 11, 2019).

30 Anupam Chander et al., Catalyzing Privacy Law 25–27 (U. Colorado Law Legal Studies Research Paper No. 19–25, 2019).

31 Id. at 19 (emphasis added).

32 See Robert A. Kagan, Adversarial Legalism (2003), especially chapter 7.

33 Were it to be adopted by the courts, Jack Balkin's notion that large internet platforms should owe fiduciary duties to their users would be an example of how a hoary common law doctrine could be used to ensure that “information concerning a person's private life … is never used for purposes incompatible with the Covenant,” as General Comment 16 advises. Jack M. Balkin, Information Fiduciaries and the First Amendment, 49 U.C. Davis L. Rev. 1183 (2006).

34 Irwin R. Kramer, The Birth of Privacy Law: A Century Since Warren and Brandeis, 39 Cath. U. L. Rev. 703, 715–19 (1990).

A Tale of Two Privacy Laws: The GDPR and the International Right to Privacy

  • Vivek Krishnamurthy (a1)

Metrics

Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed