Paul M. Schwartz, Symposium: Privacy and Technology: The E.U.-US Privacy Collision: A Turn to Institutions and Procedures, 126 Harv. L. Rev. 1966 (2013)

Conclusion of the Article:

New conflicts in information privacy loom ahead for the US and the EU due to the Proposed Data Protection Regulation of the EU. This document, which creates directly binding law for all EU Member States, alters the current equilibrium achieved under the Data Protection Directive of 1995. The Directive stimulated a process of EU-US ‘lawmaking’ through multi-party ad hoc networks, and led to multiple ways to accommodate the Directive’s rules for international data transfers. In contrast, the Proposed Regulation creates risks to the established processes and institutions.

In response, this Essay has drawn on lessons from policymaking under the Directive. It advocates a Revised Regulation that concentrates only on a limited set of non-uniform aspects of EU privacy law while also preserving future opportunities for creative global policymaking experimentation. It should do so through attention solely to the key conceptual definitions of data protection law. In addition, the Revised Regulation should not grant the Commission the power to act as a final arbiter of data protection through an ability to strike down decisions of national data protection authorities. The Revised Regulation should also limit the Commission’s power to issue further implementing and delegated acts over virtually any matter.


The full text is available at…