Sample Solution

surveillance, and unauthorized disclosure of one’s information. Data privacy is the application of these principles to information technology. The International Association of Privacy Professionals (IAPP) Glossary notes that data or information privacy is the “claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.” Data protection, on the other hand, is the process of safeguarding important information from corruption, compromise or loss. In his article Data Privacy v. Data Protection, David Robinson clarifies that “data protection is essentially a technical issue, whereas data privacy is a legal one.” This distinction matters because the terms are often used interchangeably in popular discourse, but do not mean the same thing. It is important to keep in mind that the laws and regulations that cover “management of personal information” are typically grouped under “privacy policy” in the U.S. and under “protection policy” in the EU.
Because the European Parliament has framed the GDPR as a “protection policy”, many people believe that the GDPR creates a morally superior regime to that which currently exists in the U.S. However, this belief conflates the value of privacy with a secular set of technical requirements on data protection. In addition, while the EU’s regulator for data protection, labels itself as the “global gold standard”, this assertion is not yet warranted because various critical components of the GDPR such as data portability and the right to erasure are still being tested both in the marketplace and the courts.
As a growing number of tech executives assert the need for new broad-sweeping federal privacy legislation in the U.S., many Americans are being persuaded by lofty descriptions of the GDPR—contrasting them with what they see as a morally inferior laissez faire approach at home—both because they confuse data privacy and protection and because they are not aware of America’s own substantive personal informational privacy protections developed since the founding of our country. In addition, U.S. constituents’ skewed understanding of their country’s privacy framework exists, in part, due to the growing number of journalists who refer to the U.S. as the “wild west,” as if there are no laws or regulations on data privacy and protection. In reality, the U.S. privacy and data protection regime is arguably the oldest, most robust, well developed and effective in the world. The EU’s laws are relatively new, officially dating from this century, and still lack the history of judicial scrutiny and case law that characterizes U.S. law.