Date:
Location:
By exploring the intentions behind the General Data Protection Regulation (GDPR), what it protects and why, and comparing it to the US approach to privacy, this debate will highlight strengths and shortcomings in both legal systems perspectives on privacy and data protection regulation. It will help to shed some light on the possibilities of a response by American legislators, including the use of GDPR as a model.
As of May 2018, every company targeting customers in Europe must comply with the General Data Protection Regulation (GDPR), including American companies that do business in the EU. The GDPR has been celebrated by many, as the new standard to follow, as it seeks to protect personal data through comprehensive rules and the threat of stiff penalties for non-compliance. In EU law, justifications given for the adoption of legislation that regulates the actions of private entities, are rooted in the protection of privacy and personal data, fundamental rights established in the Charter of Fundamental Rights of the European Union (CFREU). However, in the US, the right to privacy, primarily protected by the 4th Amendment of the Constitution, is perceived as an individual liberty, that protects citizens against government intrusion in their lives, not necessarily against private entities. The difference in perceptions of privacy may help explain why the US has not yet sought to pass legislation similar to the GDPR, even if public opinion seems worried about surveillance activities carried out by American companies. Regulators may see this as a state-citizen affair, rather than a matter of protection of people against corporate power. GDPR could offer a path forward in inspiring American legislators to consider data protection as a different right, worthy of more protection. However, while EU Primary Law may have enshrined the protection of personal data as a fundamental right in art. 8 CFREU, both, case law and secondary legislation, have failed to properly define this right as an autonomous one, related to, but ultimately different from the fundamental right to privacy (art. 7 CFREU). If the GDPR is only perceived as the crystallization of a desire to rein in big American companies and to demonstrate that they have to bend to the will of European regulators, this approach may not prove to be very convincing in the US, which has so far been averse to burden online-based companies with heavy regulation on these matters.
Speakers: Jasmine McNealy, Fellow, Berkman Klein Center for Internet and Society at Harvard University; Assistant Professor, Department of Telecommunication, University of Florida; Moritz Hennemann, Visiting Researcher, Harvard Law School; Faculty Fellow, Institute of Media and Information Law, University of Freiburg; Rodrigo Cetina Presuel, Visiting Researcher, Institute for Global Law and Policy, Harvard Law School.
Chair: Jose Manuel Martinez Sierra, Jean Monnet ad Personam Professor in EU Law and Government and Director, RCC, Harvard University; Co-Chair, EU Law and Government Study Group and Southern Europe in the EU Study Group, CES, Harvard University.
Sponsors: RCC, European Union Law and Government Study Group, Minda de Gunzburg Center for European Studies.