Technological developments spur the development of big data on a global scale. The breadth of data companies collect, maintain, process, and transmit affects nearly every country and organization around the world. Inherent to big data are issues of data protection and transfers to third countries. While many jurisdictions emphasize the importance of protecting consumer data, such as the European Union, others, like the United States, do not. To circumvent this issue, the United States and European Union contracted around data privacy standard discrepancies through the Safe Harbor Agreement, which eased cross-border data transfers. However, the Court of Justice of the European Union invalidated this agreement because the United States’ data protection standards are incompatible with rising global standards.
Since the Safe Harbor Agreement’s invalidation, the European Union passed the General Data Protection Regulation (GDPR) to raise data security standards across its Member States. Additional provisions expand the GDPR’s scope to affect any data processor or controller that processes personal data concerning European Union citizens. In essence, the GDPR sets a global data privacy standard, which countries around the world are attempting to emulate. However, instead of raising its standards the United States believes that a new data transfer agreement, the Privacy Shield, can resolve these differences. But, an increase in global standards requires the United States to strengthen its own data protection standards rather than remain complacent if it wants to sustain international trade.
The Federal Trade Commission is the primary data privacy authority within the United States. While it has the power to promulgate rules, it has refrained to do so due to the process’s burden. But, if U.S. data privacy standards are to rise to a level compatible with the rest of the world, the FTC must act. To raise U.S. data privacy standards, the FTC must promulgate a rule that creates a uniform standard for data protection across the states and that establishes industry data protection agencies to oversee and regulate international and domestic compliance.
The Tortoise and the Hare of International Data Privacy Law: Can the United States Catch Up to Rising Global Standards?,
Cath. U. J. L. & Tech
Available at: https://scholarship.law.edu/jlt/vol27/iss1/5
Administrative Law Commons, Communications Law Commons, European Law Commons, First Amendment Commons, Intellectual Property Law Commons, Internet Law Commons, Privacy Law Commons, Science and Technology Law Commons, Secured Transactions Commons