Law in the Internet Society

View   r1
OnaMunozRuscalledaSecondEssay 1 - 26 Nov 2023 - Main.OnaMunozRuscalleda
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="SecondEssay"

The American Dream has been dethroned by the European Dream

-- By OnaMunozRuscalleda - 26 Nov 2023

Introduction

The American Dream, often considered the embodiment of freedom and individual rights in the United States, is facing scrutiny in the realm of data privacy. How can the US be considered the epitome of freedom when its citizens’ private data is constantly being tracked without their consent?

Privacy in the European Union

In 2016, the European Union introduced the General Data Protection Regulation (GDPR), a robust framework dedicated to safeguarding privacy and human rights. This legislation imposes stringent requirements on organizations operating within EU countries, establishing seven key principles that include data minimization, storage limitations, and transparency, among others. Non-compliance with the GDPR results in substantial fines, creating a robust regulatory environment.

Privacy in the United States

Conversely, the United States lacks a comprehensive data privacy law applicable to all data types and companies. Existing legislation fails to provide holistic protection for individuals' data privacy. Firstly, the Privacy Act of 1974 which governs how federal agencies can collect and use data about individuals in its system of records. This act does not prohibit companies from gathering data on individuals, but prohibits companies from disclosing personal information without written consent from an individual. Secondly, the Health Insurance Portability and Accountability Act of 1996, which regulates how healthcare providers can use a patient’s personal health data. Third, the Gramm-Leach-Bliley Act of 1998, which regulates data privacy concerns for financial institutions. Finally, the Children’s Online Privacy Protection Act of 1998, which regulates what companies can do with the data collected from children under the age of 13. As can be seen, these pieces of legislation constitute a patchwork of legislation which fails to provide comprehensive protection for individual’s data privacy. Some US States have imposed more severe data limitations, such as the California Consumer Privacy Act, which states that consumers have the right to limit the use and disclosure of sensitive personal information collected about them, but there are very few states which have done so. Furthermore, in 2018 US Congress enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which effectively overrules the GDPR. The CLOUD Act allows US authorities to access all data stored on servers operated by American cloud providers, and includes users who do not reside in the US (the title itself makes sure to include the “overseas” clarification). The consequence of this Act being enacted is that it is practically impossible for companies to comply with the GDPR, since doing so would entail violating the CLOUD Act.

Explaining the Differences

Fundamental differences in approach stem from the constitutional underpinning of data privacy. In the European Union, personal data protection is enshrined as a fundamental right under Article 8 of the EU Charter of Fundamental Rights. In contrast, the U.S. treats data privacy as part of consumer protection law, primarily within the business sector. Other arguments posit that influential U.S. tech companies advocate for lax online privacy regulations to maintain their information access and power, potentially hindering their competitiveness globally. Additionally, assertions are made that mass surveillance is more normalized in the U.S. compared to the European Union.

The Way Forward & Proposed Solutions

While acknowledging the complexities, it is imperative for the U.S. to adopt comprehensive data privacy legislation. The Trans-Atlantic Data Privacy Framework, agreed upon in 2022 between the EU and the U.S., represents a positive first step. According to this agreement, data will be able to flow freely between the EU and participating US companies. Furthermore, there will be a new set of rules and safeguards to limit access to data by US intelligence authorities to what is necessary and proportionate to protect national security, and a new two-tier redress system to investigate and resolve complaints of Europeans on access of data by US intelligence authorities (emphasis added). While a good start, there are still issues with this agreement: firstly, the fact that it is not mandatory for all companies, but rather only participating ones; secondly, the fact that there is no definition to what necessary and proportionate entails, leaving the door open for potential abuses; and third, the fact that there is an underlying assumption that Europeans are the only ones that will be able to seek remedy for data breach violations. Thus, there is still a long way to go. To address these concerns, the U.S. should consider two potential approaches. Firstly, a judicial interpretation of the Fourth Amendment (the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures…) could extend its protection to include data privacy. Secondly, the U.S. should contemplate enacting a comprehensive bill, modeled after the GDPR, to ensure robust protection of individuals' data beyond their roles as consumers.

Conclusion

The absence of comprehensive data privacy legislation in the U.S. cannot be justified. Recognizing the evolving landscape and the possibility of legislative change, a concerted effort is needed to establish a framework that guarantees the protection of individual data and aligns with contemporary privacy norms.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 1r1 - 26 Nov 2023 - 22:51:37 - OnaMunozRuscalleda
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM