Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Kuner/<strong>Regulation</strong> <strong>of</strong> <strong>Transborder</strong> <strong>Data</strong> <strong>Flows</strong> <strong>under</strong> <strong>Data</strong> Protection and Privacy Law 27<br />
III. Issues and Analysis<br />
A. Legal nature <strong>of</strong> the various approaches<br />
<strong>Regulation</strong> <strong>of</strong> transborder data flows derives from a number <strong>of</strong> distinct legal traditions<br />
and cultures, depending on the originating country or region. For example, some regional<br />
legal instruments (such as Council <strong>of</strong> Europe Convention 108, 83 the European<br />
Convention on Human Rights, 84 and the Charter <strong>of</strong> Fundamental Rights <strong>of</strong> the European<br />
Union 85 ), recognize data protection as a fundamental human right, so that laws regulating<br />
transborder data flows may have the quality <strong>of</strong> legally-binding human rights instruments.<br />
Other instruments may not be based on human rights law, and may not be legally<br />
binding. For example, a scan <strong>of</strong> the APEC Privacy Framework reveals that the terms<br />
‘fundamental right’ and ‘human right’ are not used at all in the document, and the<br />
purpose <strong>of</strong> the Framework is defined in terms <strong>of</strong> realizing the benefits <strong>of</strong> electronic<br />
commerce rather than <strong>of</strong> protecting human rights. 86<br />
The characterization <strong>of</strong> data protection as a human right has important legal implications,<br />
since it means that the law may be more difficult to change and a higher value may be<br />
placed on the rights <strong>of</strong> individuals than in jurisdictions where the subject is seen more<br />
from the point <strong>of</strong> view <strong>of</strong> economic efficiency. Differences in the legal nature <strong>of</strong> data<br />
protection and privacy law between cultures and legal systems have made it more<br />
difficult to reach an international consensus on the subject. 87<br />
Even when data protection is considered to be a human right, the regulation <strong>of</strong><br />
transborder data flows is generally not considered to be a fundamental principle <strong>of</strong> data<br />
protection and privacy law. For example, in the Madrid Resolution, regulation <strong>of</strong><br />
transborder data flows is not included in Part II, which lists ‘basic principles’ <strong>of</strong> data<br />
protection (lawfulness and fairness, purpose specification, proportionality, data quality,<br />
openness, and accountability), but is contained in a separate section (section 15).<br />
Similarly, in the EU Directive, the provisions on transborder data flows are not included<br />
in the section containing the core rules <strong>of</strong> data processing (‘Chapter II: General Rules on<br />
the Lawfulness <strong>of</strong> the Processing <strong>of</strong> Personal <strong>Data</strong>’), but in a separate section (‘Chapter<br />
IV: Transfer <strong>of</strong> Personal <strong>Data</strong> to Third Countries’).<br />
<strong>Regulation</strong> <strong>of</strong> transborder data flows focuses on policies such as preventing<br />
circumvention <strong>of</strong> the law and guarding against data processing risks where the data are<br />
83<br />
See Article 1, referring to the individual’s ‘right to privacy, with regard to automatic processing <strong>of</strong><br />
personal data relating to him’.<br />
84<br />
Article 8, together with case law interpreting it, such as Rotaru v Romania (App no 28341/95) ECHR<br />
2000-V.<br />
85<br />
Article 8, [2000] 2000/C364/01.<br />
86<br />
See APEC Privacy Framework (n 2), at 3, stating that ‘APEC economies realize that a key part <strong>of</strong> efforts<br />
to improve consumer confidence and ensure the growth <strong>of</strong> electronic commerce must be cooperation to<br />
balance and promote both effective information privacy protection and the free flow <strong>of</strong> information in the<br />
Asia Pacific region’.<br />
87<br />
See Michael Kirby, ‘The History, Achievement and Future <strong>of</strong> the 1980 OECD Guidelines on Privacy’, 1<br />
International <strong>Data</strong> Privacy Law ___ (forthcoming in 2011) regarding the impact <strong>of</strong> such factors on the<br />
drafting <strong>of</strong> the OECD Guidelines.