Over the last forty years, a strong and principled argument that privacy is a fundamental human right deserving special protection in an age of high technology has confronted more pragmatic considerations from a variety of interests. The messy twists and turns of this international struggle have produced a sort of consensus on what it means for an organization to process personal data responsibly. But it is an uneasy consensus, hedged by exemptions and qualifications, and regularly shaken by monumental shifts in the processing powers of technology, and by game changers like the 9/11 attacks.
This conflict is now being played out again with respect to a new Draft Regulation on privacy protection from the European Union. We have heard that this Regulation is too burdensome, that it will block innovation, that it will cost jobs, trade, and investment, that it will kill the online advertising industry, that it will unreasonably extend the reach of European law beyond European borders and exacerbate the transatlantic divide between a more protectionist and regulatory Europe and a more open and innovative United States.
These views are simplistic and misleading. The same fears were expressed twenty years ago when the first set of European privacy rules were proposed. The Internet developed and flourished since that time, and within that framework of national and international privacy law. Privacy protection did not constrain innovation then, and it will not do so today.
Information Privacy and the Geopolitics of Personal Data
Personal data protection, or information privacy law, is all about giving individuals more control over the information that relates to them. It gives certain rights to individuals and also imposes important obligations on organizations. The early laws, introduced mostly in Europe in the 1970s, reflected the technology of the time, and were framed in order to regulate the mainframe “database” and the more discrete, and less networked, systems of records that characterized the early computing era. “Big Brother” was the fear.
As use of the Internet and other digital communication technologies have proliferated, the accessibility of information has grown exponentially, fueling individual empowerment and democratic participation. At the same time, the Internet makes it much easier for organizations to capture, process, and disseminate information about individuals. A wide variety of entities can now observe online behavior by monitoring the network, by tapping into the vast quantity of data collected about individual Internet usage, or by installing spyware directly on individual computers. For as long as individuals have been using the Internet to communicate, shop, apply for services, and network, there has been significant anxiety about the capture and processing of personal information.