OnaMunozRuscalledaSecondEssay 4 - 10 Jan 2024 - Main.OnaMunozRuscalleda
|
|
META TOPICPARENT | name="SecondEssay" |
The issues with the EU’s GDPR: can they be solved? | | Introduction | |
< < | This essay started out being a comparison of data privacy between the United States and the European Union. However, after being corrected, I deemed it more interesting to shift the focus of the essay to a far more relevant issue, namely the current issues with the EU’s GDPR, and what we can learn from them. This essay will delve into a potential solution to the GDPR’s issues, namely a global privacy adequacy standard, to reach the conclusion that there is no real means of protecting individual privacy rights. | > > | This essay will delve into the GDPR, the EU's most comprehensive data privacy legislation, and its issues. A possible solution will be proposed and analyzed, namely a global privacy adequacy standard, to reach the conclusion that there is no real means of protecting individual privacy rights. | | Privacy in the European Union |
|
OnaMunozRuscalledaSecondEssay 3 - 10 Jan 2024 - Main.OnaMunozRuscalleda
|
|
META TOPICPARENT | name="SecondEssay" |
| |
< < | The American Dream has been dethroned by the European Dream | > > | The issues with the EU’s GDPR: can they be solved? | | -- By OnaMunozRuscalleda - 26 Nov 2023
Introduction | |
< < | The American Dream, often considered the embodiment of freedom and individual rights in the United States, is facing scrutiny in the realm of data privacy. How can the US be considered the epitome of freedom when its citizens’ private data is constantly being tracked without their consent? | > > | This essay started out being a comparison of data privacy between the United States and the European Union. However, after being corrected, I deemed it more interesting to shift the focus of the essay to a far more relevant issue, namely the current issues with the EU’s GDPR, and what we can learn from them. This essay will delve into a potential solution to the GDPR’s issues, namely a global privacy adequacy standard, to reach the conclusion that there is no real means of protecting individual privacy rights. | | Privacy in the European Union
In 2016, the European Union introduced the General Data Protection Regulation (GDPR), a robust framework dedicated to safeguarding privacy and human rights. This legislation imposes stringent requirements on organizations operating within EU countries, establishing seven key principles that include data minimization, storage limitations, and transparency, among others. Non-compliance with the GDPR results in substantial fines, creating a robust regulatory environment. | |
> > | I have to admit, I have always looked at the GDPR with optimism and hope. However, I have come to realize that the GDPR is not the holy grail it had been praised to be. | | | |
< < | Privacy in the United States
Conversely, the United States lacks a comprehensive data privacy law applicable to all data types and companies. Existing legislation fails to provide holistic protection for individuals' data privacy. Firstly, the Privacy Act of 1974 which governs how federal agencies can collect and use data about individuals in its system of records. This act does not prohibit companies from gathering data on individuals, but prohibits companies from disclosing personal information without written consent from an individual. Secondly, the Health Insurance Portability and Accountability Act of 1996, which regulates how healthcare providers can use a patient’s personal health data. Third, the Gramm-Leach-Bliley Act of 1998, which regulates data privacy concerns for financial institutions. Finally, the Children’s Online Privacy Protection Act of 1998, which regulates what companies can do with the data collected from children under the age of 13. As can be seen, these pieces of legislation constitute a patchwork of legislation which fails to provide comprehensive protection for individual’s data privacy.
Some US States have imposed more severe data limitations, such as the California Consumer Privacy Act, which states that consumers have the right to limit the use and disclosure of sensitive personal information collected about them, but there are very few states which have done so.
Furthermore, in 2018 US Congress enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which effectively overrules the GDPR. The CLOUD Act allows US authorities to access all data stored on servers operated by American cloud providers, and includes users who do not reside in the US (the title itself makes sure to include the “overseas” clarification). The consequence of this Act being enacted is that it is practically impossible for companies to comply with the GDPR, since doing so would entail violating the CLOUD Act.
Explaining the Differences | > > | The Issues | | | |
< < | Fundamental differences in approach stem from the constitutional underpinning of data privacy. In the European Union, personal data protection is enshrined as a fundamental right under Article 8 of the EU Charter of Fundamental Rights. In contrast, the U.S. treats data privacy as part of consumer protection law, primarily within the business sector.
Other arguments posit that influential U.S. tech companies advocate for lax online privacy regulations to maintain their information access and power, potentially hindering their competitiveness globally. Additionally, assertions are made that mass surveillance is more normalized in the U.S. compared to the European Union. | > > |
- The EU does not operate in a bubble: whatever regulations the EU enforces affect not only the EU, but any country it wants to export to and trade with. The GDPR fails to take into account that it does not operate in a void, and that there are many different legislations which tackle privacy differently.
- The GDPR potentially increases cybersecurity risks, because it undermines the transparency of the international systems and architecture that organize the internet.
- The GDPR’s requirements have been deemed to be too vague for what should be the data protection legislation encompassing all EU business.
- The GDPR weakens small and medium-sized businesses, while protecting bigger businesses.
- The GDPR is a regulatory system which aims to make businesses comply with data protections, not a guarantor of personal privacy. However, this issue is not that relevant since it is hoped and expected that if businesses comply with data privacy protections, individuals will be protected as well.
| | | |
< < | The Way Forward & Proposed Solutions
While acknowledging the complexities, it is imperative for the U.S. to adopt comprehensive data privacy legislation. The Trans-Atlantic Data Privacy Framework, agreed upon in 2022 between the EU and the U.S., represents a positive first step. According to this agreement, data will be able to flow freely between the EU and participating US companies. Furthermore, there will be a new set of rules and safeguards to limit access to data by US intelligence authorities to what is necessary and proportionate to protect national security, and a new two-tier redress system to investigate and resolve complaints of Europeans on access of data by US intelligence authorities (emphasis added). While a good start, there are still issues with this agreement: firstly, the fact that it is not mandatory for all companies, but rather only participating ones; secondly, the fact that there is no definition to what necessary and proportionate entails, leaving the door open for potential abuses; and third, the fact that there is an underlying assumption that Europeans are the only ones that will be able to seek remedy for data breach violations. Thus, there is still a long way to go.
To address these concerns, the U.S. should consider two potential approaches. Firstly, a judicial interpretation of the Fourth Amendment (the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures…) could extend its protection to include data privacy. Secondly, the U.S. should contemplate enacting a comprehensive bill, modeled after the GDPR, to ensure robust protection of individuals' data beyond their roles as consumers. | > > | Thus, it can be observed that the GDPR is by no means perfect and not an adequate means of protection of individual rights. | | | |
< < | Conclusion
The absence of comprehensive data privacy legislation in the U.S. cannot be justified. Recognizing the evolving landscape and the possibility of legislative change, a concerted effort is needed to establish a framework that guarantees the protection of individual data and aligns with contemporary privacy norms. | | | |
< < |
I have tried before to indicate why I think this is mere baloney: | > > | A global privacy adequacy standard? | | | |
< < |
- GDPR is not a guarantor of personal privacy. It is a tax and regulatory system, through which data businesses, not people, are protected, and through which the unlimited exercise of personal surveillance by member states over their citizens is reinforced;
- What you call the "absence" of data privacy legislation in the US is in fact the presence of a carefully-crafted no-legislation system, a zone of anti-regulation with arbitrary exceptions resulting from the same "democratic" processes that have (unsurprisingly) produced a more social-democratic seeming (and equally pro-oligarchical) set of outcomes in "European" government. (The only technically significant society in that collection is no longer actually a part of the European Union, and is drifting rapidly towards an even more surveillance-compliant and pro-oligarchical set of data rules than the US.)
- The European ambition to be the world's leading exporter of guardrails is fatally hampered by its complete inability to manufacture the steel of which they are made. EU regulations affect platforms for services used by billions of people outside Europe, none of which are European businesses. European political posturing is uniquely unrelated to any intellectual or economic power: China and the US produce the platforms and services which suck up the human consciousness of Europe, Africa, South America, etc. They make the money and they determine (in their essential conflict between ethically-irreponsible capitalism and morally-repugnant authoritarianism) the political future of humankind. India, with its intellectual and demographic power, is the pivotal society whose trajectory expresses the outcome of that destiny. The Europeans are a tiny number of somewhat wealthy people, surprisingly unproductive of software and related materials, terrified of the rest of the world's young, within reach of Russian destruction and sliding rapidly towards fascism. They are absolutely dependent for their economic vitality and national security on the very structures and entities which they claim to be regulating, and which (beyond their capacity to throw lawyers and levy fines) they are utterly unable to control. They cannot manufacture even the basic material components of the wireless net at prices they can afford. Their children spend most of their waking hours using technologies designed and operated by foreign parties to bilk, deceive, swindle and depress them. Without the comprehensive surveillance they are thus entitled to buy back from the US, their internal security systems would collapse. The claim that they have anything to contribute to, let alone that they are the fount of, freedom is facially absurd.
| > > | The issue that I find most troubling is the first one: the fact that privacy protection legislation can only be applied to the country it is issued from, but privacy concerns affect every single place in the world. There have been cases made for a global privacy adequacy standard, but can that really work?
A global privacy adequacy standard would have several benefits, the most important being that it would effectively tackle the issue of harmonizing different regulatory standards of privacy. Secondly, through the combination of several pieces of legislation from different countries it is likely that some issues (such as the cybersecurity risks or the vagueness of terms) would be partially solved.
Nonetheless, implementing a global privacy standard is extremely complicated. It is almost impossible that every single country in the world would accept such a standard. Furthermore, there is no global institution that could ever implement it, or even draft it. What would it look like? Like the EU’s GDPR? A better version of the GDPR? There are many questions that arise, for which there are no clear answers. It can thus be concluded that a global privacy adequacy standard, while an optimist idea, cannot effectively be implemented. | | | |
< < | I have made all these points in class before, far too tediously. You vehemently disagree with them, which is fine. But isn't it time you stopped ignoring them? The draft would be stronger if it at least acknowledged the possibility of dissent and perhaps even met the arguments.
| | | |
> > | Conclusion: What can be done?
My personal journey of learning has been the following: I began believing our privacy was always ensured. Then, I thought privacy issues existed in the US but were more controlled in the EU. Attempting to implement a global privacy standard is an extremely difficult, most likely impossible task. I have thus come to the conclusion that there is no privacy, anywhere, at any time.
However, this doesn’t mean that the EU is doomed and the GDPR can never work. Upon improvement of the aforementioned issues, it has the potential to become a “very good” means of protecting individual privacy rights. What it cannot claim to be is a perfect means of protecting individual privacy rights, because that would simply not be true. | |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. |
|
OnaMunozRuscalledaSecondEssay 2 - 09 Jan 2024 - Main.EbenMoglen
|
|
META TOPICPARENT | name="SecondEssay" |
| |
< < | | | The American Dream has been dethroned by the European Dream
-- By OnaMunozRuscalleda - 26 Nov 2023 | | The absence of comprehensive data privacy legislation in the U.S. cannot be justified. Recognizing the evolving landscape and the possibility of legislative change, a concerted effort is needed to establish a framework that guarantees the protection of individual data and aligns with contemporary privacy norms. | |
> > |
I have tried before to indicate why I think this is mere baloney:
- GDPR is not a guarantor of personal privacy. It is a tax and regulatory system, through which data businesses, not people, are protected, and through which the unlimited exercise of personal surveillance by member states over their citizens is reinforced;
- What you call the "absence" of data privacy legislation in the US is in fact the presence of a carefully-crafted no-legislation system, a zone of anti-regulation with arbitrary exceptions resulting from the same "democratic" processes that have (unsurprisingly) produced a more social-democratic seeming (and equally pro-oligarchical) set of outcomes in "European" government. (The only technically significant society in that collection is no longer actually a part of the European Union, and is drifting rapidly towards an even more surveillance-compliant and pro-oligarchical set of data rules than the US.)
- The European ambition to be the world's leading exporter of guardrails is fatally hampered by its complete inability to manufacture the steel of which they are made. EU regulations affect platforms for services used by billions of people outside Europe, none of which are European businesses. European political posturing is uniquely unrelated to any intellectual or economic power: China and the US produce the platforms and services which suck up the human consciousness of Europe, Africa, South America, etc. They make the money and they determine (in their essential conflict between ethically-irreponsible capitalism and morally-repugnant authoritarianism) the political future of humankind. India, with its intellectual and demographic power, is the pivotal society whose trajectory expresses the outcome of that destiny. The Europeans are a tiny number of somewhat wealthy people, surprisingly unproductive of software and related materials, terrified of the rest of the world's young, within reach of Russian destruction and sliding rapidly towards fascism. They are absolutely dependent for their economic vitality and national security on the very structures and entities which they claim to be regulating, and which (beyond their capacity to throw lawyers and levy fines) they are utterly unable to control. They cannot manufacture even the basic material components of the wireless net at prices they can afford. Their children spend most of their waking hours using technologies designed and operated by foreign parties to bilk, deceive, swindle and depress them. Without the comprehensive surveillance they are thus entitled to buy back from the US, their internal security systems would collapse. The claim that they have anything to contribute to, let alone that they are the fount of, freedom is facially absurd.
I have made all these points in class before, far too tediously. You vehemently disagree with them, which is fine. But isn't it time you stopped ignoring them? The draft would be stronger if it at least acknowledged the possibility of dissent and perhaps even met the arguments.
| |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. |
|
OnaMunozRuscalledaSecondEssay 1 - 26 Nov 2023 - Main.OnaMunozRuscalleda
|
|
> > |
META TOPICPARENT | name="SecondEssay" |
The American Dream has been dethroned by the European Dream
-- By OnaMunozRuscalleda - 26 Nov 2023
Introduction
The American Dream, often considered the embodiment of freedom and individual rights in the United States, is facing scrutiny in the realm of data privacy. How can the US be considered the epitome of freedom when its citizens’ private data is constantly being tracked without their consent?
Privacy in the European Union
In 2016, the European Union introduced the General Data Protection Regulation (GDPR), a robust framework dedicated to safeguarding privacy and human rights. This legislation imposes stringent requirements on organizations operating within EU countries, establishing seven key principles that include data minimization, storage limitations, and transparency, among others. Non-compliance with the GDPR results in substantial fines, creating a robust regulatory environment.
Privacy in the United States
Conversely, the United States lacks a comprehensive data privacy law applicable to all data types and companies. Existing legislation fails to provide holistic protection for individuals' data privacy. Firstly, the Privacy Act of 1974 which governs how federal agencies can collect and use data about individuals in its system of records. This act does not prohibit companies from gathering data on individuals, but prohibits companies from disclosing personal information without written consent from an individual. Secondly, the Health Insurance Portability and Accountability Act of 1996, which regulates how healthcare providers can use a patient’s personal health data. Third, the Gramm-Leach-Bliley Act of 1998, which regulates data privacy concerns for financial institutions. Finally, the Children’s Online Privacy Protection Act of 1998, which regulates what companies can do with the data collected from children under the age of 13. As can be seen, these pieces of legislation constitute a patchwork of legislation which fails to provide comprehensive protection for individual’s data privacy.
Some US States have imposed more severe data limitations, such as the California Consumer Privacy Act, which states that consumers have the right to limit the use and disclosure of sensitive personal information collected about them, but there are very few states which have done so.
Furthermore, in 2018 US Congress enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which effectively overrules the GDPR. The CLOUD Act allows US authorities to access all data stored on servers operated by American cloud providers, and includes users who do not reside in the US (the title itself makes sure to include the “overseas” clarification). The consequence of this Act being enacted is that it is practically impossible for companies to comply with the GDPR, since doing so would entail violating the CLOUD Act.
Explaining the Differences
Fundamental differences in approach stem from the constitutional underpinning of data privacy. In the European Union, personal data protection is enshrined as a fundamental right under Article 8 of the EU Charter of Fundamental Rights. In contrast, the U.S. treats data privacy as part of consumer protection law, primarily within the business sector.
Other arguments posit that influential U.S. tech companies advocate for lax online privacy regulations to maintain their information access and power, potentially hindering their competitiveness globally. Additionally, assertions are made that mass surveillance is more normalized in the U.S. compared to the European Union.
The Way Forward & Proposed Solutions
While acknowledging the complexities, it is imperative for the U.S. to adopt comprehensive data privacy legislation. The Trans-Atlantic Data Privacy Framework, agreed upon in 2022 between the EU and the U.S., represents a positive first step. According to this agreement, data will be able to flow freely between the EU and participating US companies. Furthermore, there will be a new set of rules and safeguards to limit access to data by US intelligence authorities to what is necessary and proportionate to protect national security, and a new two-tier redress system to investigate and resolve complaints of Europeans on access of data by US intelligence authorities (emphasis added). While a good start, there are still issues with this agreement: firstly, the fact that it is not mandatory for all companies, but rather only participating ones; secondly, the fact that there is no definition to what necessary and proportionate entails, leaving the door open for potential abuses; and third, the fact that there is an underlying assumption that Europeans are the only ones that will be able to seek remedy for data breach violations. Thus, there is still a long way to go.
To address these concerns, the U.S. should consider two potential approaches. Firstly, a judicial interpretation of the Fourth Amendment (the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures…) could extend its protection to include data privacy. Secondly, the U.S. should contemplate enacting a comprehensive bill, modeled after the GDPR, to ensure robust protection of individuals' data beyond their roles as consumers.
Conclusion
The absence of comprehensive data privacy legislation in the U.S. cannot be justified. Recognizing the evolving landscape and the possibility of legislative change, a concerted effort is needed to establish a framework that guarantees the protection of individual data and aligns with contemporary privacy norms.
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. |
|
|
|
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|