< Back to previous page

Publication

Three Scenarios for International Governance of Data Privacy: Towards an International Data Privacy Organization, Preferably a UN Agency?

Journal Contribution - Journal Article

The first part of this paper will highlight the history of international governance of data privacy. It will also briefly describe the current state of governance to demonstrate that international norms followed data privacy legislation from the inception.
The second part will elaborate upon the complexities of the contemporary processing environment by referring to two case studies, cloud computing and location-based services. These two examples will demonstrate that the transborder personal data flows model, as accommodated and implemented, has substantially changed in the past few years, at both the national and international level. Contemporary global and complex personal data processing makes international governance of data privacy more necessary than ever.
The third part of this paper elaborates upon the three plausible scenarios for the future. First, the status quo could remain. In this case, we suggest that technology will step in by offering technology- based solutions, such as Privacy By Design system architecture or Privacy Enhancing Technologies, to address the concerns of individuals about the best way to protect their private data. The second scenario considers the amendment process of the European data protection framework and the EU Data Protection Directive in particular. It predicts that an improved and updated version (likely in the form of the currently-developing EU General Data Protection Regulation) could constitute the international standard for data privacy either indirectly or directly, through streamlined application of its adequacy criterion. The third scenario recommended by the authors proposes the establishment of an international data privacy organization, preferably a UN agency, to govern international data privacy. The appropriate regulatory vehicle is perhaps already in place: the globally-accepted, but probably undeservedly underused, 1990 UN Guidelines for the Regulation of Computerized Personal Data Files. The field could also benefit from the examples of other sectors that achieved international governance status after decades of persistent efforts, despite the fact that they fostered similarly pervasive legislation, such as copyright.
Journal: I/S: A Journal of Law and Policy
ISSN: 2372-2959
Issue: 2
Volume: 9
Pages: 271-324
Publication year:2013
Accessibility:Open