Legalization of Privacy and Personal Data Governance: Feasibility Assessment for a New Global Framework Development

Abstract

The International Conference of Data Protection and Privacy Commissioners has been actively engaged in the development of a new, legally binding international framework for privacy and data protection. Given the existence of three international privacy and data protection regimes (i.e. the OECD Privacy Guidelines, the EU data protection framework and the APEC Privacy Framework) and the availability of other bilateral venues to resolve transnational data flows issues (e.g. the EU-US Safe Harbor agreement, the Umbrella Agreement and the latest, the Privacy Shield arrangement), the thesis asks whether the development of such a new regime is feasible.

The main finding of the thesis is that in an era of a globalized society driven by the internet and information-communications technology, where all three of the leading international privacy and data protection regimes are consistently updating and modifying their respective frameworks, and where there is persistent divergence between the European Union and the United States approaches towards transborder data flow, the emergence of a new, legally binding international framework is unlikely, at least under the prevailing circumstances.

Therefore, the thesis calls for a shift towards an institutionalized arrangement that is founded on existing international co-operation and convergence and that further expands ongoing inter-regime collaboration. The approach recommended in the thesis is an effective alternative to the development of a new, legally binding international framework, and even offers strong prospects for the evolution of a legalized arrangement for international privacy and personal data governance in due course.