Reconciling personal information in the United States and European Union

California Law Review

Volumn 102, Issue 4, 2014, Pages 877-916

  Schwartz, Paul M ^a   Solove, Daniel J ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b GEORGE WASHINGTON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84907556563     PISSN: 00081221     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Review

References (81)

1. State Security Breach Notification Laws, NAT'LCONFERENCE OF STATE LEGISLATURES, http://www.ncsl.org/Default.aspx?TabId=13489 (last updated Jan. 21, 2014).
2. Dieter Grimm, Der Datenschutz vor einer Neuorientierung, 12 JURISTENZEITUNG 585, 586 (2013).
3. Paul M. Schwartz & Daniel J. Solove, The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 86 N.Y.U. L. REV. 1814 (2011).
4. PONEMON INST. LLC, THE TRUE COST OF COMPLIANCE: A BENCHMARK STUDY OF MULTINATIONAL ORGANIZATIONS 2 (2011), available at http://www.tripwire.com/tripwire/assets/File/ponemon/True-Cost-of-Compliance-Report.pdf.
5. David Scheer, For Your Eyes Only-Europe's New High-Tech Role: Playing Privacy Cop to the World, WALL ST. J., Oct. 10, 2003, at A1.
6. Schwartz & Solove, supra note 3, The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 86 N.Y.U. L. REV. at 1877-83.
7. Paul M. Schwartz & Karl-Nikolaus Peifer, Prosser's Privacy and the German Right of Personality, 98 CALIF. L. REV. 1925, 1953-54 (2010).
8. James Q. Whitman, The Two Western Cultures of Privacy: Dignity Versus Liberty, 113 YALE L.J. 1151, 1173-76 (2004).
9. Daniel J. Solove & Paul M. Schwartz, Information Privacy Law 1110 (4th ed. 2011).
10. David H. Flaherty, Protecting Privacy In Surveillance Societies 404-05 (1992).
11. Paul M. Schwartz, Preemption and Privacy, 118 YALE L.J. 902, 913 (2009).
12. Abraham L. Newman, Protectors of Privacy 76 (2008).
13. Rosemary Jay, Data Protection Law and Practice 172 (4th ed. 2012).
14. Qu'est-ce qu'une donnée personnelle?, Commission National De L'informatique Et Des Libertés, http://www.cil.cnrs.fr/CIL/spip.php?rubrique299 (last visited Mar. 23, 2014).
15. David H. Flaherty, Protecting Privacy In Surveillance Societies (1992).165-74.
16. Christopher Kuner, European Data Protection Law 252 (2d ed. 2007).
17. Paul M. Schwartz, The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 HARV. L. REV. 1966, 1992-2000 (2013).
18. Jacob M. Victor, Comment, The EU General Data Protection Regulation: Toward a Property Regime for Protecting Data Privacy, 123 YALE L.J. 513 (2013).
19. Christopher Kuner, The European Commission's Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law, 11 Privacy & Security L. Rep. 215, 217 (2012).
20. Google Books Ngram Viewer, https://books.google.com/ngrams.
21. Daniel J. Solove & Paul M. Schwartz, Information Privacy Law 1828-36.
22. Carol M. Rose, Crystals and Mud in Property Law, 40 STAN. L. REV. 577, 592-93 (1988).
23. Kathleen M. Sullivan, The Supreme Court 1991 Term - Foreword: The Justices of Rules and Standards, 106 HARV. L. REV. 22, 57-59 (1992).
24. Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals 176-78 (2013).
25. Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (2013).17-74.
26. Solove & Schwartz, Privacy Law Fundamentals at 176-78.
27. Lisa J. Sotto, Privacy And Data Security Law Deskbook 15 (2013).
28. Newman, Protectors of Privacy 76 (2008) at 75-76.
29. Viktor Mayer-Schönberger & Kenneth Cukier, Big Data (2013).
30. Emily Steel & Julia Angwin, On the Web's Cutting Edge, Anonymity in Name Only, WALL ST. J., Aug. 4, 2010, http://online.wsj.com/news/articles/SB10001424052748703294904575385532109190198.
31. Michael Barbaro & Tom Zeller Jr., A Face Is Exposed for AOL Searcher No. 4417749, N.Y. TIMES, Aug. 9, 2006, http://www.nytimes.com/2006/08/09/technology/09aol.html? pagewanted=all&-r=0.
32. Timothy P. Glynn et al., Employment Law 515-43 (2007).
33. Timothy P. Glynn et al., Employment Law (2007). 19-20.
34. Bradley A Malin et al., Biomedical Data Privacy: Problems, Perspectives, and Recent Advances, 20 J. AM. MED. INFORMATICS ASS'N 1, 2, 4 (2013).
35. Jessica Silver-Greenberg, Perfect 10? Never Mind That. Ask Her for Her Credit Score, N.Y. TIMES, Dec. 25, 2012, http://www.nytimes.com/2012/12/26/business/even-cupid-wants-to-knowyour-credit-score.html.
36. Solove & Schwartz, Schwartz, Privacy Law Fundamentals at 176-78.
37. Julia Angwin & Tom McGinty, Sites Feed Personal Details to New Tracking Industry, WALL ST. J., July 30, 2010, http://online.wsj.com/news/articles/SB10001424052748703977004575393173432219064.
38. William H. Cooper, Cong. Research Serv., RL30608, EU-U.S. Economic Ties: Framework, Scope and Magnitude (2013).
39. Paul M. Schwartz, The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 HARV. L. REV. 1966, (2013) 1979-80.
40. Newman, Protectors of Privacy 76 (2008) at 74-82.
41. Paul M. Schwartz, The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 HARV. L. REV. at 1991.
42. Anne-Marie Slaughter, A New World Order 5, 15, 20, 59, 162 (2004).
43. Anne-Marie Slaughter, A New World Order 1980-84.
44. Issuance of Safe Harbor Principles and Transmission to European Commission, 65 Fed. Reg. 45, 666 (July 24, 2000).
45. Paul M. Schwartz, The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 Harv. L. Rev. at 1981.
46. Commission Decision (EC) 2004/915 of 27 Dec. 2004 Amending Decision 2001/497/EC as Regards the Introduction of an Alternative Set of Standard Contractual Clauses for the Transfer of Personal Data to Third Countries, 2004 O.J. (L 385) 74, 74-75.
47. Lingjie Kong, Data Protection and Transborder Data Flow in the European and Global Context, 21 EUR. J. INT'L L. 441, 449 (2010).
48. List of Companies for Which the EU BCR Cooperation Procedure Is Closed, EUR. COMM'N, http://ec.europa.eu/justice/data-protection/document/international-transfers/binding-corporaterules/bcr-cooperation/index-en.htm (last visited Mar. 23, 2014).
49. Press Release, Viviane Reding, Vice-President of the European Commission, EU Data Protection Rules: Better for Business, Better for Citizens (Mar. 26, 2013), available at http://europa.eu/rapid/press-release-SPEECH-13-269-en.htm.
50. Damon Greer, Safe Harbor May Be Controversial in the European Union, But It Is Still the Law, Privacy Advisor (Aug. 27, 2013), https://www.privacyassociation.org/publications/safe-harbor-may-be-controversial-in-the-european-union-but-it-is-still-the (last visited Mar. 23, 2014).
51. Lothar Determann, Data Privacy in the Cloud: A Dozen Myths and Facts, Computer & Internet Law., Nov. 2011, at 1, 4.
52. Draft Report on the Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individual with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), at 58-59 (Dec. 17, 2012), available at http://www.europarl.europa.eu/meetdocs/2009-2014/documents/libe/pr/922/922387/922387en.pdf.
53. Press Release, Informal Justice Council in Vilnius, MEMO/13/710 (July 19, 2013), available at http://europa.eu/rapid/press-release-MEMO-13-710-en.htm.
54. Communication from the Commission to the European Parliament and the Council, Rebuilding Trust in the EU-US Data Flows, at 6, COM (2013) 846 final (Nov. 27, 2013), available at http://ec.europa.eu/justice/data-protection/files/com-2013-846-en.pdf.
55. European Parliament, US NSA Surveillance Programme, Surveillance Bodies in Various Member States and Impact on EU Citizens' Fundamental Rights and on Transatlantic Cooperation in Justice and Home Affairs, Recommendations 40-41 (Mar. 12, 2014), http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0230.
56. Erika Mccallister et al., Nat'l Inst. of standards & tech., guide to protecting the confidentiality of personally identifiable information (PII) 2-1 (2010).
57. U.S. Gov't Accountability Office, GAO-08-536, Privacy: Alternatives Exist For Enhancing Protection of Personally Identifiable Information 1 n.1 (2008).
58. Rosemary Jay, Data Protection Law and Practice (4th ed. 2012) 172.
59. Christopher Kuner, European Data Protection Law 252 at 92.
60. Deven McGraw, Building Public Trust in Uses of Health Insurance Portability and Accountability Act De-identified Data, 20 J. AM. MED. INFORMATICS ASS'N 29, 32 (2013).
61. Deven McGraw, Building Public Trust in Uses of Health Insurance Portability and Accountability Act De-identified Data, 20 J. AM. MED. INFORMATICS ASS'N (2013) Id. at 20.
62. Deven McGraw, Building Public Trust in Uses of Health Insurance Portability and Accountability Act De-identified Data, 20 J. AM. MED. INFORMATICS ASS'N (2013) Id. at 20-21.
63. Khaled El-Emam, Guide To The De-Identification Of Personal Health Information 151-58 (2013).
64. Khaled El-Emam, Heuristics for De-Identifying Data, IEEE Security & Privacy, July/Aug. 2008, at 58.
65. Khaled El-Emam, Risk-Based De-Identification of Health Data, IEEE SECURITY & PRIVACY, May/June 2010, at 64.
66. El-Emam, Risk-Based De-Identification, 66.
67. Michael Howard & Steve Lipner, The Security Development Lifecycle (2006).
68. Org. for Econ. Co-operation & Dev., Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, OECD Doc. C(80)(58)/FINAL, as amended on 11 July 2013 by C(2013)79, available at http://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf.
69. Jeremy Ginsberg et al., Detecting Influenza Epidemics Using Search Engine Query Data, 457 NATURE 1012, 1014 (2009).
70. Viktor Mayer-Schönberger & Kenneth Cukier, Big Data (2013).at 52-53.
71. Viktor Mayer-Schönberger & Kenneth Cukier, Big Data (2013) 59-61.
72. Viktor Mayer-Schönberger & Kenneth Cukier, Big Data (2013) Id. at 113.
73. David C Kaelber et al., Patient Characteristics Associated with Venous Thromboembolic Events: A Cohort Study Using Pooled Electronic Health Record Data, 19 J. AM. MED. INFORMATICS ASS'N 965 (2012).
74. Louis D. Brandeis, Other People's Money And How The Bankers Use It 92 (1914).
75. Aclu of California, Losing The Spotlight: A Study Of California's Shine The Light Law 4 (2013), available at https://www.aclunc.org/publications/losing-spotlight-studycalifornias-shine-light-law.
76. Paul Ohm, Broken Promises of Privacy, 57 UCLA L. REV. 1701, 1741-42 (2010).
77. Paul Ohm, Broken Promises of Privacy, 57 UCLA L. REV. 1701, (2010) Id. at 11.
78. Paul Ohm, Broken Promises of Privacy, 57 UCLA L. REV. 1701, (2010)Id. at 16.
79. Paul Ohm, Broken Promises of Privacy, 57 UCLA L. REV. 1701, 1741-42 (2010)Id. at 16, 18.
80. FED. Trade Comm'n, Protecting Consumer Privacy In An Era of Rapid Change (2012).at 21.
81. Daniel C. Barth-Jones, The "Re-identification" of Governor William Weld's Medical Information (July 24, 2012) (working paper) (available at http://papers.ssrn.com/sol3/papers.cfm?abstract-id=2076397.