Talk of trade wars makes the importance of data driven innovation even more pressing. Trade agreements affect not just tangible assets, such as steel and aluminum, but also assets, such as data. Yet the basic conceptualization of the role of privacy and innovating with data in society divides much of the world. Those interested in understanding the divide might want to look at a paper included in the Future of Privacy Forum’s “Paper for Policymakers” program entitled “Transatlantic Data Privacy Law” written by law professors Paul M. Schwartz and Karl-Nikolaus Peifer. The paper discusses the critical differences and similarities between privacy in the United States and privacy and data protection in the European Union. The most pressing difference is the preeminence of privacy as a constitutional right (among other fundamental rights) that defines European citizenship versus the preeminence of free expression in the United States. The EU General Data Protection Regulation (GDPR) guidance, particularly the guidance on profiling and automated decision making, truly illustrate those differences.
Schwartz and Peifer explain the role of constitutionalizing fundamental rights in the Lisbon Treaty in establishing European versus national citizenship. The GDPR cements data protection’s key role. Keep in mind that the GDPR is being implemented as other forces, such as elections in Germany and Italy, further European skepticism. In this context, the focus on autonomy as an aspect of dignity makes a great deal of sense, but it does so at the expense of the role data plays in enhancing a modern economy and society.
As data protection and privacy are being further institutionalized as a key component of European citizenship, the United States is going through a period of deregulation where remedies are increasingly based on demonstrable harms. Furthermore, the U.S. appetite to think with data without restraint accelerates.
The paper’s final section discusses convergence, divergence and new institutions. According to Schwartz and Peifer, the forces for convergence are “shared technological environment, increased political agreement around the benefits of personal data flow, and common security and law enforcement concerns.” As for divergence, the authors write: “Of greater significance, in our view, are the different conceptions of legal identity in the two systems. In the EU, rights talk seeks to create a new political identity, that of the European citizen. . . . No similar constitutional interest exists in the United States, and no incentive is present to encourage expansion of the limited privacy rights that do exist.”
My sense is that over time the shared technological environment (and the data associated with it) will be a driver of convergence not only between Europe and the United States but also globally. For that to occur, there needs to be a bridging mechanism. I believe that bridging mechanism is a concept “socially beneficial activities” as an exception to consent captured in the Office of the Privacy Commissioner of Canada’s consent report. The IAF has committed its
resources to making “socially beneficial activities” a trusted processing based on assessments that demonstrate that such processing is legal, fair and just.