Information Privacy: Networks of Regulation at the Subglobal Level
| DOI | http://doi.org/10.1111/j.1758-5899.2010.00030.x |
| Date | 01 October 2010 |
| Author | Charles D. Raab |
| Published date | 01 October 2010 |
Information Privacy: Networks of
Regulation at the Subglobal Level
Charles D. Raab
University of Edinburgh
Abstract
Regulating personal information processing to protect
privacy in the face of strong threats occurs at many
jurisdictional levels. Recent efforts among data
protection authorities (DPAs) have emphasised the
need for transborder collaboration in enforcement and
other tasks, and they have organised themselves to
undertake this work. Network and group formation
and activity among DPAs has increased at global and
subglobal levels, aimed at concerting regulatory
practices and principles as well as at developing
institutionalised infrastructures for greater continuity
and effectiveness. This article identifies and describes
the many cross-cutting associations through which
this activity takes place at the subglobal level as they
interact with wider global efforts in this field, and
briefly assesses the prospects for further development.
Policy Implications
•Global threats to information privacy should be
mitigated by the further development of institu-
tions and instruments for data protection at the
global level.
•Subglobal developments in data protection will
remain important to this, in providing arenas for
practical cooperation among data protection
authorities, and should be encouraged.
•Organisational development beyond current net-
works and groups at both global and subglobal lev-
els will require permanent institutional machinery
and resources.
•The value of regulation beyond individual jurisdic-
tional boundaries will depend on achievements
more than on the further promulgation of resolu-
tions and declarations, although the latter can be
instrumental for the former.
The privacy of personal information has been under threat
in recent years from many quarters. Information, like
money and water, flows across jurisdictional boundaries;
dangers and risks are imported and exported without, as
yet, the consistent ability of regulators – singly or in
concert – to counter them effectively. Global commercial
transactions involve large flows of customers’ and employ-
ees’ personal data. States and governments compile, inten-
sively use and share detailed databases for law
enforcement, combating terrorism, tracking movements of
immigrants and providing public services. These data-pro-
cessing developments have placed great pressures on
people’s ability to control and protect their personal data,
or to have it protected by law, public policy and dedicated
organisations. Privacy protection and surveillance have
become public and political issues, stimulated in part by
consumer and rights groups as well as by privacy advocates
(Bennett, 2008).
Earlier work on global regulation and governance has,
however, devoted little attention to privacy protection
within the scope of related domains of information and
communication practices (e.g. Held and McGrew, 2002;
Koenig-Archibugi and Zu¨rn, 2005; Murray, 2007).
Although this article does not test or apply theories and
approaches, it has been informed by literature that appears
relevant to the study of international privacy protection, in
terms of regulatory globalisation, institutional theory, net-
works in international relations and multilevel governance
(e.g. Bache and Flinders, 2004; Hooghe and Marks, 2003;
Keohane and Nye, 1974; Reinicke, 1998; Slaughter, 2000;
Slaughter and Zaring, 2006; Vogel, 1995). The present
article’s largely descriptive nature leaves aside any signifi-
cant engagement with some of these analytical constructs
and their often controverted definitions (e.g. ‘network’,
‘institution’, ‘multilevel’), but future research is likely to
involve using some of them for analytical purposes, as
Newman (2008) has done, and as is touched on elsewhere
(Raab, forthcoming).
Since the 1970s, laws and regulatory systems have prolif-
erated in many jurisdictions to provide data protection, to
uphold the value of privacy and to safeguard it as a right in
the ‘surveillance society’. New occupations and professions
have emerged, such as Chief Privacy Officers overseeing
the use of personal data in private or public sector organi-
sations. In a more independent form, regulation has
become the responsibility of designated officials and their
offices: the legally constituted privacy commissioners or
data protection supervisory authorities – DPAs – of a large
Global Policy Volume 1 . Issue 3 . October 2010
Global Policy (2010) 1:3 doi: 10.1111/j.1758-5899.2010.00030.x Copyright 2010 London School of Economics and Political Science and John Wiley & Sons Ltd.
Research Article
291
To continue reading
Request your trial