DOCSLIB.ORG

Understanding the Data Privacy Divide Between the European Union and the United States

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Understanding the Data Privacy Divide Between the European Union and the United States FACULTY OF LAW LUND UNIVERSITY MAXIMIN ORSERO UNDERSTANDING THE DATA PRIVACY DIVIDE BETWEEN THE EUROPEAN UNION AND THE UNITED STATES SUPERVISOR: XAVIER GROUSSOT JAEM03 MASTER THESIS 30 HIGHER EDUCATION CREDITS EUROPEAN BUSINESS LAW TERM: SPRING 2019 ABSTRACT This Thesis seeks to give its reader the tools to understand the data privacy divide between the EU and the US. It explains the crucial notions, historical and jurisprudential factors and regulatory frameworks underlying and constituting it. First, it answers why regulating data privacy is paramount to our democratic societies on both sides of the Atlantic. The growing importance of the data driven economy, whose raw material is our personal data, creates challenges to basic democratic values, for example privacy and the freedom of speech. This Thesis explores the darker side of the digital economy, sometimes referred to as a form of surveillance capitalism. It describes how the advertisement-based business model of some of the most successful internet companies may, if left unregulated, render citizens vulnerable to enhanced forms of influence and manipulation, and weaken essential counter-powers such as dissidents, whistle-blowers and the press. Second, it answers how the EU and US approaches to regulating data privacy differ. In essence, different historical roots and economic incentives on both sides of the Atlantic explain the difference. The EU has had a painful experience with government surveillance and invasions of privacy, in particular in the former German Democratic Republic. On the contrary, the US does not have such history and its economy has enormously benefited from lax data privacy regulations, allowing it to grow internet giants. As a result, the EU regulates privacy and data protection tightly and enshrines them as fundamental rights, while the US takes a more market- based and light-touch approach by treating data privacy essentially as a subset of consumer protection law. Third, it answers why the CJEU decided to invalidate the adequacy decision concerning the first attempt at bridging the divide, the Safe Harbor. In summary, this Thesis argues that the Court was trying to give leverage to the EU as the negotiation of the Safe Harbor 2.0 (now Privacy Shield) were nearing their end, in order for the US to make concessions and agree on a more protective framework than would have otherwise been possible. Fourth, it synthesizes the current avenues for transferring personal data from the EU to US, that is to say, primarily, the Privacy Shield, and other vehicles such as consent and contracts, the SCCs, the BCRs, codes of conducts and certifications. 2 ACKNOWLEDGEMENTS I would like to thank my supervisor Xavier Groussot for his support, not only in writing this final assignment but also for when he was coaching our team in the 2017-2018 EU law moot court competition, and throughout my time in Lund more generally. Je tiens aussi à remercier tout particulièrement Clément pour avoir partagé deux canards à Tolbiac la veille au soir de l’oral. C’était du meilleur effet. Maximin Orsero 3 ABBREVIATIONS BCR Binding Corporate Rules CCPA California Consumer Privacy Act CIA US Central Intelligence Agency CJEU / ECJ / The Court Court of Justice of the European Union Convention 108 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data Data Protection Directive Directive 95/46/EC DoC US Department of Commerce DoJ US Department of Justice DoT US Department of Transport DPA Data Protection Authority DPC Irish Data Protection Commissioner ECHR Convention for the Protection of Human Rights and Fundamental Freedoms ECtHR European Court of Human Rights EDPS European Data Protection Supervisor EDPB European Data Protection Board EEA European Economic Area EU European Union FBI US Federal Bureau of Investigation FISA US Foreign Intelligence Surveillance Act FTA US Federal Trade Commission GC General Court of European Union GDPR General Data Protection Regulation (Regulation 2016/679) 4 IAPP International Association of Privacy Professionals IRM Independant Recourse Mecanism MEP Member of the European Parliament NGO Non-Governmental Organisation NSA US National Security Agency NSLs National Security Letters ODNI US Office of the Director of National Intelligence PNR Passenger Name Record Pr. Professor SCC Standard Contractual Clauses TCE Transaction Costs Economics TEU Treaty on European Union TFEU Treaty on the Functioning of the European Union The Charter / CFR The Charter of Fundamental Rights of the European Union UN United Nations US United States of America 5 TABLE OF CONTENTS Abstract 2 Acknowledgements 3 Abbreviations 4 Table of contents 6 Introduction 9 Background 9 Purpose and research questions 9 Delimitations, methodology and resources 9 Outline 11 1 Why data privacy matters on both sides of the Atlantic 12 1.1 Preliminary remarks on property and data 12 1.1.1 The nature of data 12 1.1.2 Comparison with real and personal property 13 1.1.3 Comparison with intellectual property and related rights 13 1.1.4 Risks associated with the creation of property rights for data 14 1.2 The reasons for regulating data privacy 15 1.2.1 Surveillance capitalism 15 1.2.1.1 The internet’s most popular business model 15 1.2.1.2 The cost of ‘free’ 16 1.2.2 Government surveillance and civil liberties 17 1.2.2.1 Chilling effect 17 1.2.2.2 Balance of powers 18 1.2.3 Security & Transparency v Privacy 19 1.2.3.1 ‘I’ve got nothing to hide’ 20 1.2.3.2 The right to be forgotten 21 1.3 First sub-conclusion 24 2 The different approaches to data privacy between the EU and the US 25 2.1 A European rights-talk approach and ‘omnibus’ laws 25 2.1.1 Privacy and data protection as fundamental rights 25 6 2.1.2 The differences between data protection and privacy in Europe 27 2.1.3 An ‘omnibus’ legal framework 28 2.2 An American marketplace approach and ‘patchwork’ laws 29 2.2.1 Personal data as a commodity for the privacy consumer 29 2.2.2 A ‘patchwork’ legal framework 29 2.3 Second sub-conclusion 31 3 The downfall of the Safe Harbor 32 3.1 Background 32 3.1.1 How the EU regulates international personal data transfers in general 32 3.1.2 Commission Decision 2000/520 ‘Safe Harbor’ 33 3.1.3 The Snowden revelations 34 3.2 The Schrems judgement 35 3.2.1 Facts of the case 35 3.2.2 The reference for a preliminary ruling 36 3.2.3 Reasoning of the Court 37 3.3 Receptions of the judgement 38 3.4 Ten myths about the Schrems case 40 3.4.1 The invalidation of Commission Decision 2000/520 was inevitable 41 3.4.2 The Safe Harbor was a treaty 41 3.4.3 The Safe Harbor was invalidated 41 3.4.4 The Safe Harbor was meant to address government surveillance issues 42 3.4.5 The Safe Harbor was poorly enforced by the FTC 42 3.4.6 The main victims were the US companies participating in the program 43 3.4.7 Data transfers to the US were rendered illegal 43 3.4.8 US law was not ‘adequate’ because not ‘equivalent’ to the EU legal order 43 3.4.9 EU data subjects had access to no means of redress nor remedies 44 3.4.10 The CJEU enhanced privacy protection for EU citizens 44 3.5 Third sub-conlusion 45 4 The current framework: the Privacy Shield and other compliance vehicles 46 4.1 Negotiations of Safe Harbor 2.0 and ‘re-branding’ to Privacy Shield 46 4.2 Content of the Privacy Shield package 46 4.3 Annual reviews of the Privacy Shield 47 4.3.1 Commercial considerations 48 4.3.2 Access by US authorities for national security and law enforcement 50 7 4.4 The uncertain future of the Privacy Shield 51 4.5 Alternatives to the Privacy Shield 54 4.5.1 Consent and contracts 54 4.5.2 Standard Contractual Clauses 55 4.5.3 Binding Corporate Rules 56 4.5.4 Codes of conducts and certifications 57 4.6 Fourth sub-conclusion 57 Summary and general conclusion 58 References 60 Academic sources 60 ECtHR case law and Council of Europe documentation 62 CJEU case law and opinions of Advocates General 62 US Supreme Court case law 63 Other US case law 63 EU statutes 63 US federal statutes 64 California statutes 64 References from official US institutions 65 References from official EU institutions 65 Sources from official EU Member States’ institutions 67 Professional publications by international law firms 67 Other professional legal publications 68 Press and media sources 69 Other resources 71 8 INTRODUCTION Background Data protection and privacy are fundamental rights in the EU. In the US, information privacy is a subset of consumer protection law and has no such quasi-constitutional value. The EU, by principle, considers transfers of personal data as illegal. The American regime is the exact opposite. The US’ technology companies are the most valuable in the world. The EU barely ever developed such a data-driven industry. Yet, the EU and the US are the two largest economies in the world, and data flows between them are paramount for the current digital economy. Starting from these two diametrically opposite positions, I was wondering how this Transatlantic data privacy divide is bridged. Purpose and research questions The purpose of this Thesis will be to give its reader an understanding of 1) what makes privacy so important in our modern economies and democracies on both sides of the Atlantic, 2) how the EU and the US approaches to regulating it differ, 3) why the first framework bridging the Transatlantic privacy divide, i.e.
Load more

Recommended publications
  • Reconciling Data Privacy and the First Amendment
    RECONCILING DATA PRIVACY AND THE FIRST AMENDMENT Neil M. Richards This Article challenges the First Amendment critique of data privacy regulaion- the claim that data privacy rules restrict the dissemination of truthful information and thus violate the FirstAmendment. The critique, which is ascendant in privacy discourse, warps legislative and judicial processes and threatens the consti- tutionalization of information policy. The First Amendment critique should be rejected for three reasons. First, it mistakenly equates privacy regulation with speech regulation. Building on scholarship examining the boundaries of First Amendment protection, this Article suggests that "speech restrictions" in a wide variety of commercial contexts have never triggered heightened First Amendment scru- tiny, refuting the claim that all information flow regulations fall within the First Amendment. Second, the critique inaccurately describes current First Amendment doctrine. To demonstrate this point, this Article divides regulations of information flows into four analytic categories and demonstrates how, in each category, ordinary doctrinal tools can be used to uphold the constitutionality of consumer privacy rules. Third, the critique is normatively unpersuasive. Relying on recent intellectual histories of American constitutional law, this Article argues that fundamental jurisprudentialreasons counsel against acceptance of the First Amendment critique. From the perspective of privacy law, there are striking parallels between the critique's advocacy of "freedom of information" and the discredited "freedom of contract" regime of Lochner. More importantly, from the perspective of First Amendment law, the critique threatens to obliterate the distinction between economic and political rights at the core of post-New Deal constitutionalism. Rejecting the FirstAmendment critique thus has real advantages.
    [Show full text]
  • Law, Technology, and Public Health in the COVID-19 Crisis
    Privacy in Pandemic: Law, Technology, and Public Health in the COVID-19 Crisis Tiffany C. Li* The COVID-19 pandemic has caused millions of deaths and disastrous consequences around the world, with lasting repercussions for every field of law, including privacy and technology. The unique characteristics of this pandemic have precipitated an increase in use of new technologies, including remote communications platforms, healthcare robots, and medical AI. Public and private actors alike are using new technologies, like heat sensing, and technologically influenced programs, like contact tracing, leading to a rise in government and corporate surveillance in sectors like healthcare, employment, education, and commerce. Advocates have raised the alarm for privacy and civil liberties violations, but the emergency nature of the pandemic has drowned out many concerns. This Article is the first comprehensive account of privacy in pandemic that maps the terrain of privacy impacts related to technology and public health responses to the COVID-19 crisis. Many have written on the general need for better health privacy protections, education privacy protections, consumer privacy protections, and protections against government and corporate surveillance. However, this Article is the first comprehensive article to examine these problems of privacy and technology specifically in light of the pandemic, arguing that the lens of the pandemic exposes the need for both wide-scale and small-scale reform of privacy law. This Article approaches these problems with a focus on technical realities and social * Visiting Clinical Assistant Professor, Boston University School of Law; Fellow, Yale Law School Information Society Project. The author thanks Tally Amir, Chinmayi Arun, Jack M.
    [Show full text]
  • Privacy As Privilege: the Stored Communications Act and Internet Evidence Contents
    PRIVACY AS PRIVILEGE: THE STORED COMMUNICATIONS ACT AND INTERNET EVIDENCE Rebecca Wexler CONTENTS INTRODUCTION .......................................................................................................................... 2723 I. THE INTERNET AND THE TELEGRAPH ....................................................................... 2730 A. The Puzzle ........................................................................................................................ 2731 B. The Stored Communications Act .................................................................................. 2735 C. Telegraph Privacy Statutes ............................................................................................. 2741 II. PRIVACY AS PRIVILEGE .................................................................................................... 2745 A. Statutory Privileges ........................................................................................................ 2745 1. Defining Statutory Privileges ................................................................................... 2745 2. Common Features of Privileges ............................................................................... 2748 3. Confidentiality Without Privilege ........................................................................... 2750 4. The Current Stored Communications Act Privilege ............................................. 2753 B. The Rules that Govern Statutory Privilege Construction .........................................
    [Show full text]
  • Anonymity, Faceprints, and the Constitution Kimberly L
    University of Baltimore Law ScholarWorks@University of Baltimore School of Law All Faculty Scholarship Faculty Scholarship Winter 2014 Anonymity, Faceprints, and the Constitution Kimberly L. Wehle University of Baltimore School of Law, [email protected] Follow this and additional works at: http://scholarworks.law.ubalt.edu/all_fac Part of the Constitutional Law Commons, Fourth Amendment Commons, and the Privacy Law Commons Recommended Citation Anonymity, Faceprints, and the Constitution, 21 Geo. Mason L. Rev. 409 (2014) This Article is brought to you for free and open access by the Faculty Scholarship at ScholarWorks@University of Baltimore School of Law. It has been accepted for inclusion in All Faculty Scholarship by an authorized administrator of ScholarWorks@University of Baltimore School of Law. For more information, please contact [email protected]. 2014] 409 ANONYMITY, FACEPRINTS, AND THE CONSTITUTION Kimberly N. Brown' INTRODUCTION Rapid technological advancement has dramatically expanded the war­ rantless powers of government to obtain information about individual citi­ zens directly from the private domain. Biometrics technology I-such as voice recognition, hand measurement, iris and retinal imaging, and facial recognition technology ("FRT")-offers enormous potential for law en­ forcement and national security. But it comes at a cost. Although much of the American public is complacent with government monitoring for securi­ ty reasons,2 people also expect to go about daily life in relative obscurity­ unidentifiable to others they do not already know, do not care to know, or are not required to know-so long as they abide by the law. The reality is quite different. The government and the private sector have the capacity for surveillance of nearly everyone in America.
    [Show full text]
  • Anonymity, Obscurity, and Technology: Reconsidering Privacy in the Age of Biometrics
    ANONYMITY, OBSCURITY, AND TECHNOLOGY: RECONSIDERING PRIVACY IN THE AGE OF BIOMETRICS JONATHAN TURLEY ABSTRACT For decades, cinematic and literary works have explored worlds without privacy: fishbowl societies with continual, omnipresent surveillance. For those worried about a post-privacy world, facial recognition technology and other biometric technology could well be the expanding portal to that dystopia. These technologies are rapidly transforming a society predicated on privacy into a diaphanous society where identity and transparency are defining elements. Biometric technology is perfectly suited to evade current privacy protections and doctrines because it presents new challenges to the existing legal framework protecting privacy. The greatest threat of this technological shift is to democratic activities—the very reason that countries such as China have invested so heavily into biometric surveillance systems. This Article explores how our traditional privacy notions fit into a new age of biometrics. It seeks to frame the debate on what values society’s notions of privacy protect, and how to protect them. After exploring prior approaches and definitions to privacy, it proposes a shift from an emphasis on anonymity to a focus on obscurity. The truth is that we now live in a “nonymous” world where our movements and associations will be made increasingly transparent. This Article concludes by recommending a comprehensive approach to biometric technology that would obscure increasingly available images and data while recasting privacy protections to fit a new and unfolding biometric reality. This obscurity will allow participation in society to continue unimpeded by the chilling effects created by the new technology. Without it, our democratic society will never be the same.
    [Show full text]
  • Fighting Cybercrime After United States V. Jones David Gray
    Journal of Criminal Law and Criminology Volume 103 | Issue 3 Article 4 Summer 2013 Fighting Cybercrime After United States v. Jones David Gray Danielle Keats Citron Liz Clark Rinehart Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons Recommended Citation David Gray, Danielle Keats Citron, and Liz Clark Rinehart, Fighting Cybercrime After United States v. Jones, 103 J. Crim. L. & Criminology 745 (2013). https://scholarlycommons.law.northwestern.edu/jclc/vol103/iss3/4 This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/13/10303-0745 THE JOURNAL OF CRIMINAL LAW & CRIMINOLOGY Vol. 103, No. 3 Copyright © 2013 by David Gray, Danielle Keats Citron & Liz Clark Rinehart Printed in U.S.A. FIGHTING CYBERCRIME AFTER UNITED STATES V. JONES DAVID GRAY,* DANIELLE KEATS CITRON** & LIZ CLARK RINEHART*** In a landmark nondecision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus on the technologies that make collecting and aggregating large quantities of information possible.
    [Show full text]
  • Paul M. Schwartz
    PAUL M. SCHWARTZ Jefferson E. Peyerser Professor of Law U.C. Berkeley School of Law email: Boalt Hall # 7200 [email protected] Berkeley, California 94720-7200 Website: www.paulschwartz.net EDUCATION: Yale Law School, J.D., June 1985 Yale Law Journal, Volume 94, Senior Editor Brown University, B.A. 1981, magna cum laude Honors in history and English, Phi Beta Kappa PUBLICATIONS BOOKS: PRIVACY LAW FUNDAMENTALS 2015 (IAPP, 2015) (Daniel J. Solove, co- author) PRIVACY LAW FUNDAMENTALS 2013 (IAPP, 2013) (Daniel J. Solove, co- author) PRIVACY LAW FUNDAMENTALS (IAPP, 2011) (Daniel J. Solove, co- author) INFORMATION PRIVACY LAW (ASPEN PUBLISHERS, 5th ed., 2014) (Daniel J. Solove, co-author) CONSUMER PRIVACY & DATA PROTECTION (ASPEN PUBLISHERS, 1st ed., 2015)(Daniel J. Solove, co-author). Abridged, paperback version of INFORMATION PRIVACY LAW. PRIVACY, LAW ENFORCEMENT & NATIONAL SECURITY (ASPEN PUBLISHERS, 1st ed., 2015)(Daniel J. Solove, co-author). Abridged, paperback version of INFORMATION PRIVACY LAW. PRIVACY AND THE MEDIA AND PRIVACY LAW (ASPEN PUBLISHERS, 2d Paul M. Schwartz Page 2 ed., 2015)(Daniel J. Solove, co-author). Abridged, paperback version of INFORMATION PRIVACY LAW. PRIVACY, INFORMATION, AND TECHNOLOGY (ASPEN PUBLISHERS, 3d ed., 2011)(Daniel J. Solove, co-author). Abridged, paperback version of INFORMATION PRIVACY LAW. INFORMATION PRIVACY STATUTES AND REGULATIONS, 2010-2011 (ASPEN PUBLISHERS, 2008) (Daniel J. Solove, co-editor) ON-LINE SERVICES, DATA PROTECTION LAW AND PRIVACY: REGULATORY RESPONSES (Official Pub.of the European Union, Brussels, 1998)(Joel R. Reidenberg, co-author). Study carried out for the Commission of the European Communities (DGXV) regarding on- line privacy in Belgium, France, Germany, and the United Kingdom.
    [Show full text]
  • The Pii Problem: Privacy and a New Concept of Personally Identifiable Information
    \\jciprod01\productn\N\NYU\86-6\NYU603.txt unknown Seq: 1 28-NOV-11 15:01 THE PII PROBLEM: PRIVACY AND A NEW CONCEPT OF PERSONALLY IDENTIFIABLE INFORMATION PAUL M. SCHWARTZ† & DANIEL J. SOLOVE‡ Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what consti- tutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law. In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates informa- tion that relates to either an “identified” or “identifiable” individual, and it estab- lishes different requirements for each category.
    [Show full text]
  • Justin Brookman
    3/25/2019 Senate Commerce testimony 3.26.19 - Google Docs Statement of J ustin Brookman Director, Privacy and Technology Policy Consumer Reports Before the Senate Subcommittee on Manufacturing, Trade, and Consumer Protection on Small Business Perspectives on a Federal Data Privacy Framework March 26, 2019 On behalf of Consumer Reports, I want to sincerely thank you for the opportunity to testify here today. We appreciate the leadership of Chairman Moran and Ranking Member Blumenthal not only for holding this important hearing, but also for working in a constructive, bipartisan fashion to develop smart and effective comprehensive privacy legislation for American consumers. Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. Consumer Reports has more than 6 million members and has been protecting consumers since 1936. We evaluate approximately 2,800 products and services each year, including testing for privacy and information security. Comprehensive Privacy Legislation is Long Overdue in the United States As an initial matter, it is important to keep in mind the fundamental reason we are debating this issue: the United States lacks any sort of comprehensive framework to protect personal privacy. The Federal Trade Commission has brought a number of important privacy and security cases over the past twenty years under its general purpose consumer protection authority, but its legal authority and resources are extremely limited. The considerable majority of its privacy cases have been under its d eception authority, meaning the company had to affirmatively mislead consumers about their privacy practices. As a result, privacy policies tend to be extremely expansive and vague, providing very little in the way of meaningful information.
    [Show full text]
  • Who Should Be Liable for Online Anonymous Defamtion
    Perry and Zarsky: Who Should Be Liable for Online Anonymous Defamtion Who Should Be Liable for Online Anonymous Defamation? Ronen Perryt and Tal Z. Zarskytt INTRODUCTION The advent of Web 2.0 technologies and applications has en- abled average people-who were previously mere consumers of online content-to publish their own content on various websites, such as blogs, consumer-evaluation platforms (such as Amazon, eflay, and TripAdvisor), news websites (through reader com- ments), social networking services (such as Facebook, Twitter, and Linkedln), media-sharing websites (such as Instagram and YouTube), and collaborative-writing projects (such as Wikipedia). Some of these user contributions may be defamatory, and one of the most complex and intriguing legal questions in this context is: Who should be liable for defamatory statements made online by anonymous (or pseudonymous) users? This Essay critically eval- uates the answers given in various Western jurisdictions and ar- gues that economic analysis supports a revolutionary liability re- gime, which we call "residual indirect liability."1 Our main theoretical contribution lies in recognizing that the legal response to online anonymous defamation should be viewed and analyzed as a combination of two components. The first is the ability (or inability) to bring an action against the content pro- vider-the platform that enables the defamatory statement. Such an action may require modification of substantive law-the recog- nition of some sort of indirect liability.2 The second component is the ability (or inability) to bring an action against the speaker- the anonymous user. Such an action does not require modification t Academic Visitor, Faculty of Law and Centre for Socio-Legal Studies, University of Oxford; Professor of Law and Director of the Aptowitzer Center for Risk, Liability, and Insurance, University of Haifa.
    [Show full text]
  • Reconciling Personal Information in the United States and European Union
    GW Law Faculty Publications & Other Works Faculty Scholarship 2013 Reconciling Personal Information in the United States and European Union Daniel J. Solove George Washington University Law School, [email protected] Paul M. Schwartz Follow this and additional works at: https://scholarship.law.gwu.edu/faculty_publications Part of the Law Commons Recommended Citation Solove, Daniel J. and Schwartz, Paul M., "Reconciling Personal Information in the United States and European Union" (2013). GW Law Faculty Publications & Other Works. 956. https://scholarship.law.gwu.edu/faculty_publications/956 This Article is brought to you for free and open access by the Faculty Scholarship at Scholarly Commons. It has been accepted for inclusion in GW Law Faculty Publications & Other Works by an authorized administrator of Scholarly Commons. For more information, please contact [email protected]. RECONCILING PERSONAL INFORMATION IN THE UNITED STATES AND EUROPEAN UNION By Paul M. Schwartz* Daniel J. Solove** May 3, 2013 EXECUTIVE SUMMARY ......................................................................................................... 3 I. INTRODUCTION ................................................................................................................... 5 II. DEFINING PII ON BOTH SIDES OF THE ATLANTIC ................................................. 6 A. THE EU: FROM THE DIRECTIVE TO THE PROPOSED REGULATION ....................................... 7 1. The EU Data Protection Directive ...............................................................................
    [Show full text]
  • Privacy, Plaintiff, and Pseudonyms: the Anonymous Doe Plaintiff in the Information
    Brooklyn Law School BrooklynWorks Faculty Scholarship 10-2004 Privacy, Plaintiff, and Pseudonyms: The Anonymous Doe Plaintiff in the nforI mation Age Jayne S. Ressler Brooklyn Law School, [email protected] Follow this and additional works at: https://brooklynworks.brooklaw.edu/faculty Part of the Civil Procedure Commons, and the Privacy Law Commons Recommended Citation 53 U. Kan. L. Rev. 195 (2004-2005) This Article is brought to you for free and open access by BrooklynWorks. It has been accepted for inclusion in Faculty Scholarship by an authorized administrator of BrooklynWorks. Privacy, Plaintiffs, and Pseudonyms: The Anonymous Doe Plaintiff in the Information Age Jayne S. Ressler* I. INTRODUCTION Plaintiffs who enter the litigation process expect to incur certain costs-primarily time and money. Rule 10(a) of the Federal Rules of Civil Procedure, promulgated in 1938, requires that "[i]n the complaint the title of the action shall include the names of all the parties."' This imposes an additional burden upon plaintiffs-accountability for the al- legations that they bring forth. In this era of widespread electronic dis- semination of information, however, Rule 10(a) imposes a cost that could not have been foreseen in 1938-an invasion of privacy. The burden of this new expense is shared by both plaintiffs and society alike, as a result of a judicial system that often appears to value openness at any price. The time has come,2 therefore, for a more liberal approach to pseudony- mous plaintiffs. The need to provide claimant anonymity has been recognized in the criminal context in the form of rape shield laws, but plaintiff privacy concerns play a role in civil cases as well.
    [Show full text]