No Choice: Trans-Atlantic Information Privacy Legislation and Rational Choice Theory

George Washington Law Review

Volumn 67, Issue 5-6, 1999, Pages 1309-1321

  Mayer Schönberger, Viktor ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

EID: 0042126667     PISSN: 00168076     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (71)

1. See FRED H. CATE, PRIVACY IN THE INFORMATION AGE 5 (1997); Anne W. Branscomb, Global Governance of Global Networks: A Survey of Transborder Data Flows in Transition, 36 VAND. L. REV. 985, 987 (1983).
2. See FRED H. CATE, PRIVACY IN THE INFORMATION AGE 5 (1997); Anne W. Branscomb, Global Governance of Global Networks: A Survey of Transborder Data Flows in Transition, 36 VAND. L. REV. 985, 987 (1983).
3. See, e.g., Child Online Protection Act of 1998, Pub. L. No. 105-277, 112 Stat. 2681-736 (codified as amended in scattered sections of 47 U.S.C.); Communications Decency Act of 1996, Pub. L. No. 104-104, 110 Stat. 133 (codified as amended in scattered sections of 18 and 47 U.S.C.), held unconstitutional in Reno v. ACLU, 521 U.S. 844 (1997).
4. See FEDERAL TRADE COMMISSION, PRIVACY ONLINE: A REPORT TO CONGRESS (1998). See also David Harrison, OCC Offers Ways to Comply With Customer Privacy Laws, AM. BANKER, Mar. 31, 1999, at 2, for the distribution of guidelines by the Office of the Comptroller of the Currency "explaining how a bank may share customer data among affiliates without violating privacy laws."
5. Cf. ALAN F. WESTIN, PRIVACY AND FREEDOM (1967); Kenneth C. Laudon, Markets and Privacy, 39 COMM. ACM 92 (1996).
6. Cf. ALAN F. WESTIN, PRIVACY AND FREEDOM (1967); Kenneth C. Laudon, Markets and Privacy, 39 COMM. ACM 92 (1996).
7. See, e.g., Roe v. Wade, 410 U.S. 113 (1973); Eisenstadt v. Baird, 405 U.S. 438 (1972); Griswold v. Connecticut, 381 U.S. 479 (1965) (finding that privacy is protected by the penumbras of the Constitution).
8. See Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 HARV. L. REV. 193, 205 (1890), where the authors contend that a "general right of the individual to be let alone" exists. For an overview of privacy theory, see CATE, supra note 1, at 19-31.
9. One such lively discussion took place at the 1999 George Washington Law Review Privacy Symposium. For reasons unrelated to the subject matter, the interest group model advanced during the discussion and analyzed in this comment has not yet been published by its proponents.
10. See DANIEL A. FARBER & PHILIP P. FRICKEY, LAW AND PUBLIC CHOICE: A CRITICAL INTRODUCTION 1 (1991).
11. See DENNIS C. MUELLER, PUBLIC CHOICE 1 (1979).
12. See id.
13. See WILLIAM N. ESKRIDGE, JR. & PHILIP P. FRICKEY, CASES AND MATERIALS ON LEGISLATION: STATUTES AND THE CREATION OF PUBLIC POLICY 323-26 (1988).
14. See MUELLER, supra note 9, at 1-8.
15. See generally FARBER & FRICKEY, supra note 8, at 12-38; MANCUR OLSON, THE LOGIC OF COLLECTIVE ACTION: PUBLIC GOODS AND THE THEORY OF GROUPS (2d ed. 1971).
16. But cf. DONALD P. GREEN & IAN SHAPIRO, PATHOLOGIES OF RATIONAL CHOICE THEORY: A CRITIQUE OF APPLICATIONS IN POLITICAL SCIENCE 47-70 (1994) (arguing that despite interest group influence in the political process, citizens still cast their vote - a non-rational behavior in terms of pure cost-benefit).
17. Cf. Geoffrey P. Miller, Public Choice at the Dawn of the Special Interest State: The Story of Butter and Margarine, 77 CAL. L. REV. 83 (1989); Julie A. Roin, United They Stand, Divided They Fall: Public Choice Theory and the Tax Code, 74 CORNELL L. REV. 62 (1988). See generally Frank H. Easterbrook, Foreword: The Court and the Economic System, 98 HARV. L. REV. 4 (1984).
18. For example, the government will reimburse telecommunications companies for providing wire-tap support. See Digital Telephony Act of 1994, 47 U.S.C. § 1001 (1994).
19. See generally KAY LEHMAN SCHLOSZMAN & JOHN T. TIERNEY, ORGANIZED INTERESTS AND AMERICAN DEMOCRACY (1986).
20. See GREEN & SHAPIRO, supra note 14, at 19.
21. Cf. FARBER & FRICKEY, supra note 8, at 20.
22. 18 U.S.C. § 2710 (1994).
23. See Jonathan Hirley, Transnational Discrimination and the Economics of Extraterritorial Regulation, 70 B.U. L. REV. 339, 380 (1990).
24. See Stephen F. Williams, Public Choice Theory and the Judiciary: A Review of Jerry L. Mashaw's Greed, Chaos, and Governance, 73 NOTRE DAME L. REV. 1599, 1623 (1998) (book review).
25. See FARBER & FRICKEY, supra note 8, at 47 (claiming that a theory "that cannot even account for people going to the polls, let alone explain how they vote once they get there, can hardly claim to provide a complete theory of politics"); GREEN & SHAPIRO, supra note 14, at 47; Dennis C. Mueller, The Voting Paradox, in DEMOCRACY AND PUBLIC CHOICE 77 (Charles K. Rowley ed., 1987).
26. See generally GREEN & SHAPIRO, supra note 14.
27. See id. at 35-36.
28. Video Privacy Protection Act, 18 U.S.C. § 2710 (1994).
29. One might argue that, given the public sentiment, lawmakers may have wanted an omnibus privacy act but felt they could only "get" a narrowly-focused privacy bill protecting video rental records. Such an argument, however, begs the question by subsuming the example under the general self-interest principle and away from what supposedly was an exception to it.
30. See GREEN & SHAPIRO, supra note 14.
31. See, e.g., GREEN & SHAPIRO, supra note 14.
32. For example, Schloszman and Tierney, supra note 17, at 315-317, point out that interest groups are much better in preventing rather than obtaining legislation. Thus looking solely at the lack of legislation and its link to interest groups may in and of itself provide a skewed picture.
33. For a generational model of data protection norms, see Viktor Mayer-Schönberger, Generational Development of Data Protection in Europe, in TECHNOLOGY AND PRIVACY: THE NEW LANDSCAPE (Philip E. Agre & Marc Rotenberg eds., 1997).
34. See MYRON BRENTON, THE PRIVACY INVADERS (1964); ARTHUR R. MILLER, THE ASSAULT ON PRIVACY: COMPUTERS, DATA BANKS AND DOSSIERS (1971); VANCE PACKARD, THE NAKED SOCIETY (1964); ALAN F. WESTIN, PRIVACY AND FREEDOM (1967);.
35. 5 U.S.C. § 552a (1994).
36. See COLIN BENNETT, REGULATING PRIVACY: DATA PROTECTION AND PUBLIC POLICY IN EUROPE AND THE UNITED STATES 47 (1992); DAVID FLAHERTY, PRIVACY AND GOVERNMENT DATA BANKS: AN INTERNATIONAL PERSPECTIVE 105 (1979). The German plan was made public in Das Informationsbanksystem. See VORSCHLÄGE FÜR DIE PLANUNG UND DEN AUFBAU EINES ALLGEMEINEN ARBEITSTEILIGEN INFORMATIONSBANKSYSTEMS FÜR DIE BUNDESREPUBLIK DEUTSCHLAND, VOLUME I, BERICHT DER INTERMINISTERIELLEN ARBEITSGRUPPE BEIM BUNDESMINISTERIUM DES INNEREN AN DIE BUNDESREGIERUNG (1971). Similar plans in the U.S. to create a "Federal Data Center" were proposed in 1966, but met with heavy public opposition. See BENNETT, supra, at 46; see also Jeffrey A. Meldman, Centralized Information Systems and the Legal Right to Privacy, 52 MARQ. L. REV. 335 (1969).
37. The term stems from the German word "Datenschutz"; for a brief analysis of its content, see BENNETT, supra note 34, at 13.
38. See ADALBERT PODLECH, VERFASSUNGSRECHTLICHE PROBLEME ÖFFENTLICHER INFORMATIONSSYSTEME, DIE öFFENTLICHE VERWALTUNG, 23 (1970) 473; Wilhelm Steinmüller et al., Gutachten: Grundfragen des Datenschutzes, BT-Drs 6/3826, 5.
39. See, e.g., Hessisches Datenschutzgesetz (Data Protection Act of Hessia), v. 7.10.70 (GVB1.Hesse S.625-627); Svenska Datalag (Swedish Data Act) 1973; Rheinland-pfälzisches Landesgesetz gegen mißräuchliche Datennutzung (State Act against the improper use of data of Rhineland-Palatinate) v. 24.1.74 (GVB1.Rheinland-Pfalz S. 31-33); Loi relative à l'informatique, aux fichiers et aux libertés (French Data Protection Act) 1978, Law No. 78-17 of January 7, 1978, J.O., revised January 25, 1978 〈lt;http://www.legifrance.gouv.fr/textes/html/fic781761978.htm〉; Deutsches Bundesdatenschutzgesetz (German Federal Data Protection Act), v. 27.01.77 (BGB1.I S.201).
40. See Svenska Datalag (Swedish Data Act) 1973.
41. See Deutsche Bundesdatenschutzgsetz (German Federal Data Protection Act), v. 27.01.77 (BGB1.I S.201).
42. See § 1 Datenschutzgesetz (Data Protection Act) BGB1 565/78.
43. See Loi relative à l'informatique, aux fichiers et aux libertés (French Data Protection Act) Law No. 78-17 of January 7, 1978, J.O., revised January 25, 1978 〈http://www.legifrance. gouv.fr/textes/html/fic781761978.htm〉.
44. See DAVID H. FLAHERTY, PROTECTING PRIVACY IN SURVEILLANCE SOCIETIES 79 (1989).
45. See id. at 83 (acknowledging that "[t]he census is one of the best available vehicles for an opposition group like the Green party to mobilize public opinion against an incumbent government for political purposes").
46. See Bonn Urges Census Compliance, INT'L HERALD TRIB., Mar. 28, 1983, at 2. In 1983, a public poll indicated that "52 percent of the population mistrusted the census questions and that 25 percent of the 25 million households would not complete the form." FLAHERTY, supra note 42, at 79.
47. Among them law professors Wilhelm Steinmüller and Adalbert Podlech, both of whom had been instrumental in the data protection debate of the early 70s, and the computer science professor and liberal politician Klaus Brunnstein. Cf. PODLECH, supra note 36; Adalbert Podlech, Datenschutz im Bereich der öffentlichen Verwaltung - Entwürfe eines Gesetzes zur Änderung des Grundgesetzes (Art. 75 GG) zur Einführung einer Rahmenkompetenz für Datenschutz und eines Bundesdatenschutz-Rahmengesetzes (1973); Steinmüller, supra note 36.
48. See BVerfG 15.12.1983, BVerfGE 65, 1 = 1 BvR 209/83 = NJW 1984, 419 = EuGRZ 1983, 577. The term "informational self-determination" was taken from scholarly writings. See CHRISTOPH MALLMANN, DATENSCHUTZ IN VERWALTUNGSINFORMATIONSSYSTEMEN 47 (1976); Adalbert Podlech, Datenschutz und das Verfassungsrecht, in NUMERIERTE BÜRGER 27 (1975); Spiros Simitis, Die informationelle Selbstbestimmung: Grundbedingung einer verfassungskonformen Informationsordnung, NJW 1984, 398. The concept is similar to Westin's definition of "information privacy" almost twenty years earlier, namely "the claim of individuals . . . to determine for themselves when, how, and to what extent information about them is communicated to others." WESTIN, supra note 4, at 7.
49. See Gesetz zur Fortentwicklung der Datenverarbeitung und des Datenschutzes ("BDSG") (Federal Data Protection Act) v. 20.12.90 (BGB1.I S.2954). For example, provisions were amended (§ 8 BDSG) that shifted the burden of proof to the party processing personal data in liability and damage law suits and extended protection to all phases of information management, including information acquisition (§ 33 BDSG).
50. This seems to be the recent approach of the Austrian government in transforming the EU Privacy Directive into national law. See VIKTOR MAYER-SCHÖNBERGER & ERNST O. BRANDL, DATENSCHUTZGESETZ 2000 (1999).
51. See William N. Eskridge, Politics Without Romance: Implications of Public Choice Theory for Statutory Interpretation, 74 VA. L. REV. 275, 301-02 (1988).
52. so Steven P. Croley, Theories of Regulation: Incorporating the Administrative Process, 98 COLUM. L. REV. 1, 44 (1998).
53. See id. For an assessment of a similar principal-agent problem in rational choice theory, see Green and Shapiro's analysis of the U.S. Congress Committees. See GREEN & SHAPIRO, supra note 14, at 197-99.
54. See Croley, supra note 50, at 45 n.113.
55. Data Protection Act 1984, c. 35.
56. See Council of Europe, Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, January 28,1981, Eur. T.S. No. 108,19 I.L.M. S71 (1981) [hereinafter Council of Europe Convention]; Organisation for Economic Co-Operation and Development, Recommendation of the Council concerning Guidelines governing the protection of privacy and transborder flows of personal data, adopted by the Council 23 September 1980, OECD Doc. C(80) 58 final (1980) [hereinafter OECD Guidelines].
57. "The Council . . . recommends [t]hat Member countries take into account in their domestic legislation the principles concerning the protection of privacy and individual liberties set forth in the Guidelines." OECD Guidelines (emphasis added).
58. See Council of Europe Convention, art. 4(1) ("Each Party shall take the necessary measures in its domestic law to give effect to the basic principles for data protection set out in this chapter.").
59. See id. art. 12(3)(a).
60. By 1984 the following countries had signed on to, and later ratified, the Council of Europe Convention: Austria (signed in 1981, ratified in 1988), Belgium (1982, 1993), Denmark (1981, 1989), France (1981, 1983), Germany (1981, 1985), Greece (1983, 1995), Iceland (1982, 1991), Italy (1983,1997), Luxembourg (1981, 1988), Norway (1981, 1984), Portugal (1981, 1993), Spain (1982, 1984), Sweden (1981, 1982), Turkey (signed in 1981), United Kingdom (1981, 1987). See Council of Europe: Signatures and Ratifications ETS No. 108 (last modified June 23, 1999) 〈http://www.coe.fr/tablconv/108t.htm〉. As of 1994, all OECD member states have adopted the OECD Guidelines. See ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT, PRIVACY AND DATA PROTECTION: ISSUES AND CHALLENGES (1994).
61. See BENNETT, supra note 34, at 91.
62. See id; see also Simon Davies, Connected: Brussels Teeth for Privacy Watchdog Analysis - Feeble British Data Protection Law has Satisfied Nobody, DAILY TELEGRAPH, Oct. 14, 1997 ("The only reason it was passed in the first place was that British businesses were worried that that their data trade with some privacy-loving European partners, such as Germany, would be imperiled.").
63. See GREEN & SHAPIRO, supra note 14, at 34-38, for a critique of the mono-causal approach of public choice theory.
64. See U.S. Census Bureau, FT900 - U.S. International Trade in Goods and Services, Exhibit 14a: Exports, Imports and Balance of Goods by Selected Countries and Geographic Areas - 1998 〈http://www.census.gov/foreign-trade/Press-Release/99_press_releases/ February/ exh14a.txt〉. Moreover, America's total trade with the European Union increased by more than 50 (!) percent between 1993 and 1998. See At Daggers Drawn, THE ECONOMIST, May 8, 1999, at 17, 18.
65. In 1997, the European Union had a per-capita GDP (based on current purchasing power parities) of $20,546. See GDP Per Capita (last visited Jul. 14, 1999) 〈http://www.oecd.org/ std/gdpperca.htm〉.
66. See Directive 95/46/EC, 1995 O.J. (L 281) 31.
67. See id. at 3.
68. See id. art. 25.
69. See id. art. 25(2).
70. See id. art. 26(2).
71. See BENNETT, supra note 34, at 91, for the argument that, because of significant trading with European countries, there was no substantial opposition to the Data Protection Act 1984 in the United Kingdom.