The issues with the EU’s GDPR: can they be solved?

The Issues

• The EU does not operate in a bubble: whatever regulations the EU enforces affect not only the EU, but any country it wants to export to and trade with. The GDPR fails to take into account that it does not operate in a void, and that there are many different legislations which tackle privacy differently.
• The GDPR potentially increases cybersecurity risks, because it undermines the transparency of the international systems and architecture that organize the internet.
• The GDPR’s requirements have been deemed to be too vague for what should be the data protection legislation encompassing all EU business.
• The GDPR weakens small and medium-sized businesses, while protecting bigger businesses.
• The GDPR is a regulatory system which aims to make businesses comply with data protections, not a guarantor of personal privacy. However, this issue is not that relevant since it is hoped and expected that if businesses comply with data privacy protections, individuals will be protected as well.

A global privacy adequacy standard?

Conclusion: What can be done?

I have tried before to indicate why I think this is mere baloney:

1. GDPR is not a guarantor of personal privacy. It is a tax and regulatory system, through which data businesses, not people, are protected, and through which the unlimited exercise of personal surveillance by member states over their citizens is reinforced;
2. What you call the "absence" of data privacy legislation in the US is in fact the presence of a carefully-crafted no-legislation system, a zone of anti-regulation with arbitrary exceptions resulting from the same "democratic" processes that have (unsurprisingly) produced a more social-democratic seeming (and equally pro-oligarchical) set of outcomes in "European" government. (The only technically significant society in that collection is no longer actually a part of the European Union, and is drifting rapidly towards an even more surveillance-compliant and pro-oligarchical set of data rules than the US.)
3. The European ambition to be the world's leading exporter of guardrails is fatally hampered by its complete inability to manufacture the steel of which they are made. EU regulations affect platforms for services used by billions of people outside Europe, none of which are European businesses. European political posturing is uniquely unrelated to any intellectual or economic power: China and the US produce the platforms and services which suck up the human consciousness of Europe, Africa, South America, etc. They make the money and they determine (in their essential conflict between ethically-irreponsible capitalism and morally-repugnant authoritarianism) the political future of humankind. India, with its intellectual and demographic power, is the pivotal society whose trajectory expresses the outcome of that destiny. The Europeans are a tiny number of somewhat wealthy people, surprisingly unproductive of software and related materials, terrified of the rest of the world's young, within reach of Russian destruction and sliding rapidly towards fascism. They are absolutely dependent for their economic vitality and national security on the very structures and entities which they claim to be regulating, and which (beyond their capacity to throw lawyers and levy fines) they are utterly unable to control. They cannot manufacture even the basic material components of the wireless net at prices they can afford. Their children spend most of their waking hours using technologies designed and operated by foreign parties to bilk, deceive, swindle and depress them. Without the comprehensive surveillance they are thus entitled to buy back from the US, their internal security systems would collapse. The claim that they have anything to contribute to, let alone that they are the fount of, freedom is facially absurd.

I have made all these points in class before, far too tediously. You vehemently disagree with them, which is fine. But isn't it time you stopped ignoring them? The draft would be stronger if it at least acknowledged the possibility of dissent and perhaps even met the arguments.

The American Dream has been dethroned by the European Dream

-- By OnaMunozRuscalleda - 26 Nov 2023

Introduction

The American Dream, often considered the embodiment of freedom and individual rights in the United States, is facing scrutiny in the realm of data privacy. How can the US be considered the epitome of freedom when its citizens’ private data is constantly being tracked without their consent?

Privacy in the European Union

In 2016, the European Union introduced the General Data Protection Regulation (GDPR), a robust framework dedicated to safeguarding privacy and human rights. This legislation imposes stringent requirements on organizations operating within EU countries, establishing seven key principles that include data minimization, storage limitations, and transparency, among others. Non-compliance with the GDPR results in substantial fines, creating a robust regulatory environment.

Privacy in the United States

Conversely, the United States lacks a comprehensive data privacy law applicable to all data types and companies. Existing legislation fails to provide holistic protection for individuals' data privacy. Firstly, the Privacy Act of 1974 which governs how federal agencies can collect and use data about individuals in its system of records. This act does not prohibit companies from gathering data on individuals, but prohibits companies from disclosing personal information without written consent from an individual. Secondly, the Health Insurance Portability and Accountability Act of 1996, which regulates how healthcare providers can use a patient’s personal health data. Third, the Gramm-Leach-Bliley Act of 1998, which regulates data privacy concerns for financial institutions. Finally, the Children’s Online Privacy Protection Act of 1998, which regulates what companies can do with the data collected from children under the age of 13. As can be seen, these pieces of legislation constitute a patchwork of legislation which fails to provide comprehensive protection for individual’s data privacy. Some US States have imposed more severe data limitations, such as the California Consumer Privacy Act, which states that consumers have the right to limit the use and disclosure of sensitive personal information collected about them, but there are very few states which have done so. Furthermore, in 2018 US Congress enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which effectively overrules the GDPR. The CLOUD Act allows US authorities to access all data stored on servers operated by American cloud providers, and includes users who do not reside in the US (the title itself makes sure to include the “overseas” clarification). The consequence of this Act being enacted is that it is practically impossible for companies to comply with the GDPR, since doing so would entail violating the CLOUD Act.

Explaining the Differences

Fundamental differences in approach stem from the constitutional underpinning of data privacy. In the European Union, personal data protection is enshrined as a fundamental right under Article 8 of the EU Charter of Fundamental Rights. In contrast, the U.S. treats data privacy as part of consumer protection law, primarily within the business sector. Other arguments posit that influential U.S. tech companies advocate for lax online privacy regulations to maintain their information access and power, potentially hindering their competitiveness globally. Additionally, assertions are made that mass surveillance is more normalized in the U.S. compared to the European Union.

The Way Forward & Proposed Solutions

Conclusion

• #Set ALLOWTOPICVIEW = TWikiAdminGroup, OnaMunozRuscalleda
• #Set DENYTOPICVIEW = TWikiGuest

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.