Universidad Complutense de Madrid
E-Prints Complutense

An approach to EU/USA transantlantic personal data flow for a new agreement: American technology and European Law in conflict
Una aproximación al tráfico de datos personales entre EU/USA para negociar un nuevo acuerdo: la tecnología americana en conflicto con el derecho europeo

Impacto

Downloads

Downloads per month over past year

García Sanz, Rosa María (2017) An approach to EU/USA transantlantic personal data flow for a new agreement: American technology and European Law in conflict. International Multidisciplinary Scientific Conferences on Social Sciences and Arts, 2 . pp. 323-333. ISSN ISBN 978-619-7408-14-0 / ISSN 2367-5659

[img]
Preview
PDF
234kB

Official URL: http://dx.doi.org/10.5593/sgemsocial2017/12/S02.040



Abstract

The European Union (EU) and the USA have two very different models of personal data protection (European terminology) or information privacy law (American terminology) (See PAUL SCHWARTZ AND DANIEL SOLOVE). EU law has a defined and clear concept of personal data and a general law to protect this fundamental right. Meanwhile, the USA does not have a uniform definition of information privacy or personally identifiable information (PII); and it has only some sectorial laws to protect privacy in some markets.
Personally identifiable information is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. At the same time, there is not a unique concept in information privacy law (DEIRDRE MULLIGAN). Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-indentified. (PAUL SCHWARTZ, HELEN NISSENBAUN OR D. MULLIGAN) In some way, then, we can say that the European law is applicable to almost all the information on the Internet. And in some way, too, we can say that American technology uses data as part of its technical nature, markets and services. This represents a difficult vantage point from which to start looking for an agreement.
In addition, some legal categories of the European Law—General Data Protection Regulation (GDPR)—are not negotiable under contracts, because of their inalienability they cannot be traded away by the free will of individuals, which complicates the mutual relationships between the two continents.
After breaking the SAFE HARBOR (after the SCHREMS EUROPEAN COURT DECISION Sept. 23, 2015, in CASE C-362/14) and under the New Agreement PRIVACY SHIELD FRAMEWORK 2016, new problems arose. An example of this can seen in the poor implementation of the Privacy Shield Principles by American companies, or in the case of Facebook where they provided misleading information to the European Union Commission during the approval process for the acquisition of Whatsapp (2014). As a result, the European Commission fined Facebook (18 May, 2017). Even more, on 13 November 2014, Facebook announced a global revision of its data policy, cookie policy and terms. Following this announcement, a Contact Group was created at European level with the Data Protection Authorities (DPAs) of The Netherlands, France, Spain, Hamburg and Belgium. The members of the Contact Group have initiated national investigations, relating to, amongst others, the quality of the information provided to users, the validity of consent and the processing of personal data for advertising purposes. Three of the members publish results on 16 May 2017 (France, Belgium and the Netherlands).
These problems are asking for harmonized solutions that reflect cooperation of laws and policies of the two sides of the Atlantic. This is necessary in order to continue with the traditional commercial relationship between Europe and North America and to work together against the terrorism threat.
.
This paper will examine possible points, criteria and perspectives to find an approach based on the European Law (GDPR) and the US regulations and policies.


Item Type:Article
Uncontrolled Keywords:Personal data protection law, information privacy law, privacy, Internet privacy, right to personal data
Palabras clave (otros idiomas):Datos personales
Subjects:Social sciences > Law > Constitutional law
Social sciences > Law > Public law
Social sciences > Law > European Union international treaties
ID Code:57232
Deposited On:07 Oct 2019 09:35
Last Modified:07 Oct 2019 10:23

Origin of downloads

Repository Staff Only: item control page