Transfer of Personal Data to a Third Country :: Safe Harbor Agreement Human Rights Essays

Transfer of Personal Data to a Third Country I. Introduction 1.) An old issue, growing in importance Searching the web, one can see that privacy on the Internet is a big issue. Countless US or EU based human rights initiatives are fighting for the right to privacy. What is the reason for this? Although concerns about consumers' ability to protect their privacy have been in existence for decades, the Internet makes the issue more delicate: Businesses have access to a larger audience, which allows them to collect more data from more people. Furthermore, collection of more specific behavioural information is possible attaching cookies to a hard drive, reporting which websites someone enters.[1] In addition, data collection and storage having become much easier, faster and cheaper, cost concerns do not limit data-collection practices.[2] At the same time, the market for information about consumers and consumer behaviour is continuously growing, side by side with the expansion of e-commerce. 2.) Definition of the issue Privacy can be defined as "the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information."[3] This paper will focus purely on information privacy, also known as "data protection", which means the rules governing the collection and handling of personal data such as a person's name, address, phone number, family status, social security or other identification number or even medical, financial or government records. Data protection concerns the process of gathering, storing, analysis and distribution of personal data. Privacy issues can be divided into relations with the public sector and with the private sector.[4] In this paper, I will concentrate on the private sector, especially relevant because of the growing importance of e-commerce. 3.) Fundamentally different approaches in the US and the EU Europe and the US have very different approaches to data protection and privacy. In 250 years, nations on each side of the Atlantic have evolved their democracies into distinct forms of society and market economy. Differences in culture, policies and society are the consequence. a.) Government Interference vs. Self-Regulation As discussed in seminar one, there is an ongoing dispute regarding the approach in choosing an apt legal framework for the public and transnational sphere of cyberspace: Some scholars want governments to interfere as little as possible, others see the need for a unified legal framework. It seems that, concerning the privacy issue, the EU has chosen the latter option, by imposing a comprehensive, general law governing the collection, use and dissemination of data by public and private sector, whose enforcement is assured by an oversight body. The US tends to rely on sectoral laws, and on self-regulation for the