About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

5 Int'l Data Priv. L. 1 (2015)

handle is hein.journals/intldatpc5 and id is 1 raw text is: 


International Data Privacy Law, 2015, Vol. 5, No. 1


Internet Balkanization gathers pace: is privacy the

real driver?

Christopher Kuner*, Fred H. Cate**, Christopher Millard**,
Dan Jerker B. Svantesson***, and Orla Lynskey****


'[W] e do not really trust the Data Acts in other countries
or ... we understand that there are none at all. So we feel
unprotected in those countries with our data - walking
down  Fifth Avenue in our underwear'.
   Provocative exclamations  of distrust have become
commonplace   in recent skirmishes between the EU and
the USA   over data privacy and  trade policy. This is,
however,  well-trodden ground. Indeed,  the statement
above was  made  in the late 1970s by Kerstin Amer, an
Under  Secretary of State in the Swedish Government, as
a justification for the world's first national data protec-
tion law, a statute which included a requirement that
prior authorization be obtained for exports of personal
data. During the  1970s and early 1980s various other
countries also raised concerns about 'data sovereignty'.
Not  all were European, though several appear to have
been motivated  by anxiety about a US  hegemony  that
was  already emerging in cross-border data services. For
example, a  1972 Canadian  Federal Government  report
entitled Computers and Privacy acknowledged that 'as a
sovereign state, Canada feels some national embarrass-
ment  and resentment over increasing quantities of often
sensitive data about Canadians being stored in a foreign
country'. With the benefit of hindsight, this juxtaposition
of injured sovereignty and privacy concerns looks like an
early example of confused  thinking about data export
controls. A few years later, the Brazilian Government
declared its commitment  to maximize the information
resources located in Brazil, declaring that 'teleprocessing
services provided by means of computers located abroad
are not, in principle, used by Brazil.'
   In response to such developments, Mr Justice Kirby, then
Chairman  of the OECD Expert Group on Transborder
Data Barriers and the Protection of Privacy, warned in

*    Editor-in-Chief.
**   Editor.
***  Managing Editor.
**** Book Review Editor.
1  For a more detailed discussion with further examples of early calls for
   localization of data processing operations, see chapter 9 of Christopher


1980 that '[t] he bureaucratic nightmare, impossibly cum-
bersome, ineffective, and expensive impediments to inter-
national data traffic could still develop'.2 Since then, a key
stated objective of almost all international initiatives to
promote  harmonization of data privacy rules has been to
facilitate the free movement of personal data between
states that make a commitment to enforce certain, more
or less basic, data protection principles. This is true of
non-binding  measures, such as the 1980 OECD   Guide-
lines, as well as treaties and other binding instruments,
such as the 1981 Council of Europe Convention on data
protection and the 1995 EU Data Protection Directive.
   Yet agitation for stronger geographical and jurisdic-
tional restrictions on data  flows persists, including
recent calls for transfers to be restricted between entities
that are already subject to legally binding mechanisms to
protect cross-border flows of personal data (such as the
EU-US  Safe Harbor). The temperature of the debate has
risen markedly since the Snowden  revelations began to
emerge,  with suggestions recently that even transfers
within established free-flow regions (such as the EEA)
should be curtailed.
   A specific example of an initiative that might lead to
material disruption of cloud and other Internet-based
services is talk in Europe about development of a pos-
sible virtual Schengen area. Although so far rather in-
choate, this appears to be an attempt to create an online
free movement  zone  for data to operate alongside the
physical Schengen  Area within which  internal border
controls have already been removed  between most  EU
and EFTA  countries. The idea was first aired in February
2011, not  in a data protection context, but during a
discussion of cybercrime at a Joint Meeting of the EU's
Law  Enforcement  and  Customs  Cooperation  Working

   Millard, Legal Protection of Computer Programs and Data (Carswell / Sweet &
   Maxwell, Toronto / London, 1985).
2  'Data Flows and the Basic Rules of Data Privacy' (1980) 16 Stan J. Int. L
   27-66 at 29.


C The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com


1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most