In many of my recent presentations on privacy and information policy, I’ve drawn on differences in the legal and regulatory frameworks applied to the flows of personal information in the United States compared to the European Union. In short, the EU takes a paternalist approach to data protection policy, aiming to preserve a fundamental human right of its citizens through preemptive governmental action (see, for example, the EU Directive on Data Protection), while the governance of privacy in the US typically emerges only after some particular informational harm has occurred, often taking the form of industry self-regulation or narrowly-applied laws (see, for example, the unique prohibition on wrongful disclosure of video tape rental), with the responsibility of initiating enforcement resting on the harmed data subject herself.
For those interested in understanding the fundamental differences between the US and EU approaches to data privacy protection, and how these differences are negotiated in policy and practice, I suggest reading The Governance of Privacy: Policy Instruments in Global Perspective, by Colin Bennett and Charles Raab, and Negotiating Privacy: The European Union, the United States, and Personal Data Protection, by Dorothee Heisenberg.
I recently reviewed these two insightful books, and the essay appears in the latest issue of The Information Society. For those with institutional access, the review can be downloaded here. Following are the essay’s introductory paragraphs:
Privacy Protection in the Network Society: “Trading Up” or a “Race to the Bottom”?
Apparent to most citizens of contemporary, industrialized society, people no longer exist and live in fixed locations and spaces. Instead people are on the move in their personal, professional, intellectual, and social spheres. Within and across these spheres, mobility, rather than permanence, is likely to be the norm. Manuel Castells (1996) captures this feature of modern life in his theory of the space of flows, arguing that “our society is constructed around flows: flows of capital, flows of information, flows of technology, flows of organizational interaction, flows of images, sounds, and symbols” (p. 412). These flows – particularly information flows – constitute what Castells describes as the “network society,” where “networks constitute the new social morphology of our societies, and the diffusion of networking logic substantially modifies the operation and outcomes in processes of production, experience, power and culture” (p. 469).
By providing new linkages and spaces for information flows, the network society has also emerged as a potent infrastructure for the flow of personal information, and, as a result, both privacy and surveillance capitalize on this new world of flows. While varied in focus, the two books discussed in this review, The Governance of Privacy: Policy Instruments in Global Perspective, by Colin Bennett and Charles Raab, and Negotiating Privacy: The European Union, the United States, and Personal Data Protection, by Dorothee Heisenberg, share Castell’s identification of personal information flows as a key factor in our network society’s “processes of production, experience, power and culture,” and together they provide clarity to the complicated terrain of trans-national policies for the protection – or preservation – of these personal data flows across the network.
Some examples of the application of the EU privacy directive to the publication of personal data on the Web can be found in recent guidelines of the Dutch Data Protection authority, to be found here: