A clash of two western cul­tures on pri­vacy

Daily Trust - - IT WORLD -

While it seems that Amer­i­cans are help­less with re­spect to the pro­tec­tion of their per­sonal (con­sumer) data from po­ten­tial abuse by the likes of Face­book, Google, and per­haps 5000 other U.S. com­pa­nies, and de­vel­op­ing coun­tries like China and Nige­ria have much more im­por­tant sur­vival-re­lated is­sues to con­tend with (than wor­ry­ing about how cit­i­zens’ per­sonal data are used), the Euro­pean Union (EU) last week demon­strated some ci­vil­ity and its care for how the per­sonal data of its cit­i­zens are han­dled by Face­book and thou­sands of U.S. com­pa­nies.

You see, the sig­nif­i­cance at­tached to the pro­tec­tion of per­sonal data may de­pend on the side of the At­lantic you are on. Although Amer­i­cans talk a lot about con­sti­tu­tional rights, civil lib­erty, and all that stuff, when it comes to the need for the gov­ern­ment to pro­tect cit­i­zens’ per­sonal data, Amer­i­cans are usu­ally very mum, at least so it seems. On the other hand, Euro­peans can die to pro­tect their per­sonal data, which is usu­ally ar­gued in terms of per­sonal honor.

The cur­rent event started when a 27year old Aus­trian stu­dent and pri­va­cy­ac­tivist, Max Schrems, who was very dis­sat­is­fied with the way that Face­book han­dles the data it col­lects from users, took the mat­ter to court to chal­lenge the va­lid­ity of the so-called “Safe Har­bor” agree­ment (SHA) be­tween the U.S. and Europe. The SHA was a frame­work that was used to cre­ate a sin­gle stan­dard for the han­dling of pri­vate con­sumer data be­tween the U.S. and Europe. Specif­i­cally, it was an agree­ment drawn up be­tween gov­ern­ments al­low­ing the trans­fer of cit­i­zens’ per­sonal data be­tween the two re­gions of the world, ob­vi­ously with­out the con­sent of the cit­i­zens!

As al­luded to above, the tar­get in Schrems’ case is Face­book, whose Euro­pean head­quar­ter is in Dublin, Ire­land. Schrems said his pri­vacy had been vi­o­lated by the U.S. Na­tional Se­cu­rity Agency (NSA) mass sur­veil­lance pro­grams, which were fla­grantly re­vealed in 2013 by the whistle­blower Ed­win Snow­den, an NSA con­trac­tor. Schrems first brought the case against Face­book in Ire­land, but the Data Pro­tec­tion Com­mis­sioner there, also the data reg­u­la­tor, re­jected the case on the ground that the case was bound by SHA. Schrems ap­pealed to the Euro­pean Court of Jus­tice (ECJ) - the EU Supreme Court, which, last week, over­turned the judg­ment of the court in Ire­land, rul­ing that SHA is un­con­sti­tu­tional.

An im­por­tant as­pect of the is­sue at hand is the de­pic­tion of the cul­tural dif­fer­ences about pri­vacy across the At­lantic Ocean. In­ci­den­tally, this sub­ject mat­ter has re­ceived schol­arly at­ten­tion, as ev­i­denced by the re­search, for ex­am­ple, of James Q. Whit­man in Vol­ume 113, 2004 is­sue of Yale Law Jour­nal. (This is also Re­search Pa­per No. 4 of the Public Law and Le­gal The­ory Re­search Pa­per Se­ries at Yale Univer­sity.) The idea is that while Euro­peans pro­tect per­sonal honor of or­di­nary Euro­peans, Amer­i­can law pri­mar­ily pro­tects lib­erty in­ter­est. Whit­man sug­gests that the dif­fer­ences re­flect the con­trast­ing po­lit­i­cal and so­cial ideals of con­ti­nen­tal (i.e., Euro­pean) and Amer­i­can law. Will this the­ory wholly ex­plain EU’s ap­par­ent dis­po­si­tion to con­trol? I am not sure. Re­mem­ber the nu­mer­ous anti-com­pet­i­tive cases com­ing out of the con­ti­nent, some of which I have re­ported on in this col­umn? They are not about per­sonal honor!

Bob Price sug­gests three im­pli­ca­tions of last week’s ECJ rul­ing in his 6 Oc­to­ber 2015 UK Busi­ness In­sider online ar­ti­cle. The first is that in­di­vid­ual Euro­pean coun­tries can now set their own reg­u­la­tions for US com­pa­nies’ han­dling of cit­i­zens’ data. Price feels that this as­pect will vastly com­pli­cate the reg­u­la­tory en­vi­ron­ment in Europe. He also sug­gests that EU coun­tries can choose to sus­pend the trans­fer of data to the US - forc­ing com­pa­nies to host user data ex­clu­sively within the coun­try. Lastly, Ir­ish data reg­u­la­tor may now need to ex­am­ine whether Face­book of­fered Euro­pean users ad­e­quate data pro­tec­tions, and may or­der the sus­pen­sion of Face­book’s trans­fer of data from Europe to the US if nec­es­sary. This seems like se­ri­ous stuff.

The global ef­fects of ECJ rul­ing on In­ter­net tech­nol­ogy could be very pro­found. For ex­am­ple, it is not just Face­book that will suf­fer, but, as men­tioned ear­lier, up to 5000 U.S. com­pa­nies who mine con­sumer data may have to fig­ure out more le­git way of ob­tain­ing the per­sonal data of EU folks. (I wrote on In­ter­net data bro­kers in this col­umn in Daily Trust on 17 March 2014.) Fur­ther­more, we have or­ga­ni­za­tions that op­er­ate glob­ally that will need to trans­fer data across the At­lantic. Another ex­am­ple of po­ten­tial prob­lem per­tains to pay­ment pro­cess­ing for mer­chan­dise pur­chase. A Euro­pean mak­ing a pur­chase in the U.S. with a credit card will usu­ally need to have his data trans­ferred some­how to a U.S. point of sale.

Are there work­arounds against the new EU law? You bet! Face­book can ask each of its bil­lion users to “agree” to per­sonal data trans­fer across the At­lantic. How­ever, this op­tion can po­ten­tially open up a “can of worms.” That is, the fair­ness of ask­ing a user to agree to pages of con­di­tions in fine-print size, which no one ever reads be­fore agree­ing to. While such prac­tice may sur­vive in the U.S., I see the EU dis­al­low­ing it on the ba­sis of un­fair­ness to the con­sumer. Also, for global com­pa­nies, ask­ing em­ploy­ees to agree to cross-At­lantic per­sonal data trans­fer may be frowned upon by the EU, but the le­gal sys­tem in the U.S. may some­how be more per­mis­sive, in fa­vor of the em­ployer.

Okay, con­ti­nen­tal (Euro­pean) pri­vacy law pro­tects per­sonal honor of the or­di­nary Euro­pean, while Amer­i­can law pro­tects lib­erty in­ter­ests. Now, do we have an es­tab­lished rel­e­vant pri­vacy law in, say, Nige­ria, and, if so, what does it pro­tect? Ob­vi­ously, this one is for the le­gal lu­mi­nary, aka, the SAN.

Newspapers in English

Newspapers from Nigeria

© PressReader. All rights reserved.