Privacy law is suffering from a midlife crisis. Despite well-recognized tectonic shifts in the socio-technological-business arena, the privacy framework continues to stumble along like an aging protagonist in a rejuvenated cast. The framework’s fundamental concepts are outdated; its goals and justifications in need of reassessment; and yet existing reform processes remain preoccupied with corporate organizational measures, which yield questionable benefits to individuals’ privacy rights. At best, the current framework strains to keep up with new developments; at worst, it has become irrelevant.
More than three decades have passed since the introduction of the OECD Privacy Guidelines; and 15 years since the EU Data Protection Directive was put in place and the “notice and choice” approach gained credence in the United States. This period has seen a surge in the value of personal information for governments, businesses and society at large. Innovations and breakthroughs, particularly in information technologies, have transformed business models and affected individuals’ lives in previously unimaginable ways. Not only technologies but also individuals’ engagement with the data economy has radically changed. Individuals now proactively disseminate large amounts of personal information online via platform service providers, which act as facilitators rather than initiators of data flows. Data transfers, once understood as point-to-point transmissions, have become ubiquitous, geographically indeterminate, and typically “residing” in the cloud.
In a new article titled Privacy law’s midlife crisis: A critical assessment of the second wave of global privacy laws, which will be presented at the upcoming Ohio State Law Journal Symposium on The Second Wave of Global Privacy Protection, I address the challenges posed to the existing privacy framework by three main socio-technological-business shifts: the surge in big data and analytics; the social networking revolution; and the migration of personal data processing to the cloud. The term big data refers to the ability of organizations to collect, store and analyze previously unimaginable amounts of unstructured information in order to find patterns and correlations and draw useful conclusions. Social networking services have reshaped the relationship between individuals and organizations. Those creating, storing, using, and disseminating personal information are no longer just organizations but also geographically dispersed individuals who post photos, submit ratings, and share their location online. The term cloud computing encompasses (at least) three distinct models of utilizing computing resources through a network – software, platform and infrastructure as a service. The advantages of cloud computing abound and include reduced cost, increased reliability, scalability, and security; however, the processing of personal information in the cloud poses new risks to privacy.