Member Article

Although data protection laws globally are converging around a set of shared concerns, there is little prospect of their being harmonised. Ultimately, data protection and data privacy issues are rooted in local culture, and evolve in response to specific local challenges.

In Europe, our data protection laws were a strong reaction against secret reporting by the state on its citizens that was widespread after the Second World War.  In China, historically a communal culture, there is no naturally occurring word for our western concept of ‘privacy,’ and data privacy laws have emerged from concerns about the misuse of personal data in a marketing and e-commerce context.

In the US, there is a great deal of data privacy law, but the legal framework has evolved in response to sector specific challenges. Thus, the US has a patchwork of privacy laws, rather than an omnibus framework, as in the EU. Against this backdrop of difference and diversity, not just in terms of our legal frameworks but also cultural, social and economic diversity, the harmonisation of data protection law is not a realistic prospect. But interoperability — the idea that we can use codes of conduct and other tools to plug the gaps between differing privacy regimes and ensure a degree of consistency — is a very real prospect.

Creating interoperable frameworks is no straightforward task. The first step is to identify common ground on which to build, with understanding the similarities and differences between regimes as being the logical starting place. This is the challenge, and the opportunity, that has been entrusted to a group of data protection experts in the US and in Europe.

Jacob Kohnstamm, Chairman of the Dutch Data Protection Authority and former Chairman of the Article 29 Working Party, is leading an initiative to bridge the gaps between US and EU approaches to privacy regulation. Known as the ‘Privacy Bridge Project’, he has appointed a group of privacy experts, deliberately not selected from the business world, to apply their considerable knowledge and insight to this initiative. The roundtable meetings will be organised by the Massachusetts Institute of Technology CSAIL Information Policy Project (MIT), and the Institute for Information Law (IViR) of the University of Amsterdam.

Bridge building is a useful analogy for some of the challenges that lie ahead in data privacy. Cultural and legal differences between the EU and US will always exist, but amongst the differences lie a number of shared areas of concern, and a great many common objectives.  The world of big data, analytics, the internet of things, cloud computing and government surveillance raises privacy challenges on both sides of the Atlantic.  Additionally, and at a more practical level, in the commercial world, businesses need to build bridges in order to enable global solutions to be utilised, and to ensure the free flow of information in the digital economy.

Although the US and the EU share a common goal of effective privacy protection, misunderstandings and differences between transatlantic legal systems pose challenges. Initial discussions within the Privacy Bridge Project will encourage participants to focus on common goals and shared privacy values, rather than focusing on differences. The group will work to develop policy recommendations and practical guidance for enabling crossborder data flows and promoting privacy on both sides of the Atlantic. The output will be a report that will be presented at the 2015 International Conference of Privacy and Data Protection Commissioners, to be hosted by Kohnstamm in the Netherlands.

In a world in which data are ubiquitous, we need initiatives that enable rather than impede data flows around the globe, whilst simultaneously safeguarding privacy values. The Privacy Bridges Project is a welcome contribution to this difficult, but necessary debate.