Privacy as a Right, Data as a Commodity

Written By Anika Butala

Today’s data practices in corporations are a growing concern for the legal system that is responsible for ensuring the privacy of the individual while facilitating global commerce and innovation. Corporations collect and maintain large quantities of personal data that are beyond what is needed to deliver basic services. Even though the legal system acknowledges individuals' rights to their data security and consent, the reality is that these rights are often overshadowed by the lack of enforcement. Thus, the right to data privacy is merely a conditional interest.

One of the main issues with current problems that lead to the loss of privacy is the consent-based approach. Individuals are often required to agree to standard terms of service agreements as part of participating in digital markets. These agreements are legally binding. However, they have not always provided for full and effective consent due to their complexity in understanding and the lack of alternative options. This creates an environment that allows corporate entities to collect significant data under the guise of voluntary participation. It has taken away the ability of individuals to negotiate. Administrative bodies have not effectively addressed these issues, especially where data practices are technically disclosed but operationally are in the dark.

Another factor to this loss of privacy is international data flows. Multinational corporations operate within several legal environments that have differing requirements for data access, disclosure, and retention. Domestic legal protections may not offer significant protection once the data is stored, processed, or accessed outside of the country. In such cases, corporate compliance is not based on any uniform standards of data protection, but on strategic environments.

The recent developments in data governance have largely been influenced by national security interests rather than consumer protection. For instance, legislative attempts to curb or control some digital platforms have been largely informed by deeper fears over foreign entities accessing user data and foreign governments controlling local entities. For example, the debate on TikTok underscores data accumulation by corporations and how it can spark deeper scrutiny where there are foreign law implications. However, it underscores the need to have data privacy laws that apply universally to all platforms, regardless of country of origin.

In the same way, Google’s activities in countries with stringent regulatory requirements provide evidence of how business data practices conform to local regulatory requirements. Google’s move out of China in 2010, citing concerns it had regarding censorship and user security issues, provides evidence of the challenge of implementing consistent data privacy policies across borders. Google’s consideration of re-entry into China provides evidence of the tension between business values and regulatory requirements. The above examples do not constitute the data privacy problem but provide evidence of the flexibility in data protection practices allowed under current data protection regulations.

Moreover, the selective approach in regulatory intervention further reveals the structural inconsistencies. Corporations in the United States are consistently gathering data on a similar scale to their foreign-owned counterparts; however, the level of enforcement is subject to geopolitical factors rather than the actual practices in data collection. Such an approach might create a false equivalence between the protection of privacy and strategic regulation.

In conclusion, the current approaches in corporate data governance indicate a lack of understanding regarding the actual rights to privacy. While the legal system recognizes the need for the protection of personal data, the reliance on a consent-based model, the lack of a cohesive regulatory system, and the selective approach in intervention are all factors that undermine the practical application of these rights. The experiences with multinational corporations are not isolated concerns; rather, they indicate the systemic shortcomings in the current approaches to data governance.

Bibliography

Congressional Research Service. Data Protection Law: An Overview. https://crsreports.congress.gov 

Congressional Research Service. TikTok: Technology Overview and Issues. https://crsreports.congress.gov 

Electronic Frontier Foundation. Data Privacy and Surveillance. https://www.eff.org 

Federal Trade Commission. Protecting Consumer Privacy and Security. https://www.ftc.gov 

National Institute of Standards and Technology. Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management. https://www.nist.gov 

U.S. Department of Commerce. Global Cross-Border Privacy Rules System. https://www.commerce.gov 

U.S. Department of Justice. Privacy and Civil Liberties Oversight. https://www.justice.gov 

U.S. Government Accountability Office. Internet Privacy: Additional Federal Authority Could Enhance Consumer Protection. https://www.gao.gov

Anika Butala
Previous

The limits of free speech in schools: When can student speech be lawfully restricted?
Next

The Rule of Lenity and Ghost Guns: A New Digital Frontier