Resolving conflicting international data privacy rules in cyberspace.

• Author: Reidenberg, Joel R.

INTRODUCTION

The robust development of the Interact and online services over the last several years represent the most significant era for international flows of personal information since the first wave of computerization in the 1970s. During the early days of data processing, fears of omnipotent and omnipresent collections of personal information were largely conceived in terms of centralized computing and foreign data havens akin to tax havens.(1) Until the personal computer revolution, large scale processing of personal information was generally reserved to institutions with centralized databases.(2) The Internet and personal computers, however, multiply the number of participants generating and using personal information in a way that was unimaginable a generation ago. Every personal computer, Internet service provider, and Web site can now create, collect, and process personal information. Although cross-border transfers of data have been occurring for many years, the growth trends in Internet data transfers reflect both a quantitative and qualitative shift.(3)

In particular, the dramatic growth of Internet services during the last several years and the decentralization of information processing arrangements have exponentially increased the flow of personal information across national borders. From the processing of German railway card data in the United States(4) to the sale of French gastronomic products through the Hong Kong Web site of Marche de France,(5) personal data is driving the global economy and fair information practices have never been more important for the protection of citizens. In the United States, the sale of personal information alone was estimated at $1.5 billion in 1997(6) and confidence in the fair treatment of personal information is at a critical juncture.(7) Governments around the world have unequivocally declared that the future protection of citizen privacy is essential to the robust development of electronic commerce.(8)

At the same time, however, privacy rights for personal information vary considerably across national borders.(9) The United States, for example, has a market-dominated policy for the protection of personal information and only accords limited statutory and common law rights to information privacy.(10) In contrast, European norms reflect a rights-dominated approach and the European Union now requires each of its Member States to have comprehensive statutory protections for citizens.(11) International data flows on the Internet, whether for execution of transactions or intracorporate data management, force these divergent data protection policies and rules to confront each other with ever greater frequency.(12) Indeed, the Internet and electronic commerce raise the stakes for individuals, businesses and government. In the absence of coherent privacy protection, data flow embargoes are increasingly likely.(13)

Part I of this article defines characteristics of information flows on the Internet that challenge the protection of information privacy and set the stage for serious confrontation between different national and transnational data protection standards. Part II identifies a core set of principles for fair information practice that is common to strong democracies. While an international consensus exists on the basic standards for the fair treatment of personal information, significant differences in both approach and substance persist, particularly between Europe and the United States.(14) Part III shows that the characteristics of information flows and these differences result in serious conflict between normative data protection objectives around the world.(15)

Part IV of the article argues that the specific privacy rules in any particular country have a governance function reflecting the country's choices regarding the roles of the state, market, and individual in the country's democratic structure. Under this governance theory of privacy, national differences derive from distinct visions of governance, and privacy rules strive to protect a state's norm of governance, whether it be a liberal market norm or a socially-protective, citizen's rights norm. This insight means that efforts to harmonize specific standards would conflict with the way any given model embodies a market-based or a rights-based philosophy of governance.

If the harmonization of privacy rules is, thus, harmful for the political balance adopted in any country, then the peaceful coexistence of different privacy rules becomes essential to avoid online confrontations. Part V presents a theory for the coregulation of information privacy that identifies key institutional players and mechanisms to minimize regulatory conflict. And finally, Part VI offers short- and long-term strategies for coordination and cooperation among different privacy regimes. The article concludes with a discussion of the effect that this coregulation might have on the governance norms that posed the original conflicts.

1. DATA FLOW CHARACTERISTICS

   On the Internet, four characteristics frame the international transfer of personal information. These characteristics reflect a trend that marks dramatically increased capacity and incentives to abuse personal information across national borders. The salient points range from the actual uses of deployed technologies (specifically, collecting clickstream information and multinational processing) to the commercial incentives that drive the processing of personal information (notably, data warehousing and profiling). Taken together, these characteristics set the stage for intense conflicts over information privacy.

   1. Clickstream Data

      In a network environment, every click of a computer's mouse leaves a data trace.(16) This "clickstream data" is far more robust than the typical "transaction data" from an electronic payment or telephone call. "Transaction data" typically contain discrete information on the parties, date, time and type of transaction.(17) In contrast, by its very nature, the clickstream reflects not just the existence of interactions, but also includes the content of those interactions; every keystroke is included in the clickstream and not just the fact that an interaction took place. The clickstream information provides continuous, recordable surveillance of individuals and all of their activities.

      This clickstream information is increasingly sought. For example, software is now readily available and used to establish monitoring programs for clickstream data in the workplace.(18) As the Internet economy moves society from an economy of mass production to mass customization, transaction-generated information becomes an integral part of the process to predict and modify consumer behavior.(19) On the Internet, most websites collect some clickstream data in the form of log files.(20) These log files routinely collect the Interact addresses of visitors browsing the site and record the Web pages that the visitors read.(21) Interact service providers similarly can record logs of all subscribers' interactions, but, for the moment, are unlikely to retain the clickstream information. The sheer volume of such records exceeds the usefulness for Interact service providers. Nevertheless, advertising arrangements on the Internet seek to recapture the attributes of the clickstream data that the online service providers forgo. Companies such as DoubleClick(22) propose through the use of "cookies" technology to track Internet users' browsing patterns across many websites.(23)

      In effect, clickstream data offer a quantitative leap forward in the amount of personal information in circulation.(24) At the same time, the surveillance aspect of clickstream data is also qualitatively different from earlier forms of transaction data. The detail offers a picture that was previously not readily compiled. While the depth of information available from clickstream data might have been obtainable with a private investigator recording an individual's every move, such surveillance would have been treated as harassment. In the past, privacy was preserved from the isolation of discrete bits of information. The difficulty in assembling such information provided protection to individuals.(25) Clickstream data break down this protection.

   2. Multinational Sourcing

      The Internet and emerging electronic commerce activities encourage multinational sourcing of information.(26) The entire architecture of the Internet is based on the principle of geographic indeterminacy. The information processing capabilities of the network were designed to make distance and geographic location irrelevant. As a result, servers and processing arrangements migrate; data may be stored in one location and readily shifted to another location just as transmission and computing resources may be moved instantaneously from one place to another.(27) Corporate intranets, built using some of the same technology as the Internet, have adopted the same features.(28) Data may be collected in one location, processed elsewhere, and stored at yet another site. In addition, the open architecture also means that multiple intermediaries have access to and may process data in transit.(29) For example, third-party data collectors, such as Internet advertising companies like DoubleClick, obtain and pass on information about other websites' visitors. These arrangements radically increase the complexity of data processing and obscure the responsibility for data protection.

   3. Data Warehousing and Data Creep

      With the costs of computing and storage diminishing rapidly, isolated bits of data that in the past were useless or too expensive to process may now be collected and retained.(30) Since information will always have value in an "Information Society," the almost zero cost of processing incremental bits of data offers a powerful incentive for "data warehousing." "Data warehousing" is the stockpiling of millions of bits of personal...