About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

5 Int'l Data Priv. L. 1 (2015)

handle is hein.journals/intldatpc5 and id is 1 raw text is: International Data Privacy Law, 2015, Vol. 5, No. 1 Internet Balkanization gathers pace: is privacy the real driver? Christopher Kuner*, Fred H. Cate**, Christopher Millard**, Dan Jerker B. Svantesson***, and Orla Lynskey**** '[W] e do not really trust the Data Acts in other countries or ... we understand that there are none at all. So we feel unprotected in those countries with our data - walking down Fifth Avenue in our underwear'. Provocative exclamations of distrust have become commonplace in recent skirmishes between the EU and the USA over data privacy and trade policy. This is, however, well-trodden ground. Indeed, the statement above was made in the late 1970s by Kerstin Amer, an Under Secretary of State in the Swedish Government, as a justification for the world's first national data protec- tion law, a statute which included a requirement that prior authorization be obtained for exports of personal data. During the 1970s and early 1980s various other countries also raised concerns about 'data sovereignty'. Not all were European, though several appear to have been motivated by anxiety about a US hegemony that was already emerging in cross-border data services. For example, a 1972 Canadian Federal Government report entitled Computers and Privacy acknowledged that 'as a sovereign state, Canada feels some national embarrass- ment and resentment over increasing quantities of often sensitive data about Canadians being stored in a foreign country'. With the benefit of hindsight, this juxtaposition of injured sovereignty and privacy concerns looks like an early example of confused thinking about data export controls. A few years later, the Brazilian Government declared its commitment to maximize the information resources located in Brazil, declaring that 'teleprocessing services provided by means of computers located abroad are not, in principle, used by Brazil.' In response to such developments, Mr Justice Kirby, then Chairman of the OECD Expert Group on Transborder Data Barriers and the Protection of Privacy, warned in * Editor-in-Chief. ** Editor. *** Managing Editor. **** Book Review Editor. 1 For a more detailed discussion with further examples of early calls for localization of data processing operations, see chapter 9 of Christopher 1980 that '[t] he bureaucratic nightmare, impossibly cum- bersome, ineffective, and expensive impediments to inter- national data traffic could still develop'.2 Since then, a key stated objective of almost all international initiatives to promote harmonization of data privacy rules has been to facilitate the free movement of personal data between states that make a commitment to enforce certain, more or less basic, data protection principles. This is true of non-binding measures, such as the 1980 OECD Guide- lines, as well as treaties and other binding instruments, such as the 1981 Council of Europe Convention on data protection and the 1995 EU Data Protection Directive. Yet agitation for stronger geographical and jurisdic- tional restrictions on data flows persists, including recent calls for transfers to be restricted between entities that are already subject to legally binding mechanisms to protect cross-border flows of personal data (such as the EU-US Safe Harbor). The temperature of the debate has risen markedly since the Snowden revelations began to emerge, with suggestions recently that even transfers within established free-flow regions (such as the EEA) should be curtailed. A specific example of an initiative that might lead to material disruption of cloud and other Internet-based services is talk in Europe about development of a pos- sible virtual Schengen area. Although so far rather in- choate, this appears to be an attempt to create an online free movement zone for data to operate alongside the physical Schengen Area within which internal border controls have already been removed between most EU and EFTA countries. The idea was first aired in February 2011, not in a data protection context, but during a discussion of cybercrime at a Joint Meeting of the EU's Law Enforcement and Customs Cooperation Working Millard, Legal Protection of Computer Programs and Data (Carswell / Sweet & Maxwell, Toronto / London, 1985). 2 'Data Flows and the Basic Rules of Data Privacy' (1980) 16 Stan J. Int. L 27-66 at 29. C The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com 1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most