Political ReviewNet
First for Politics and International Relations Book Reviews

Review of:

The Governance of Privacy: Policy Instruments in Global Perspectives by Colin Bennett, Charles Raab
MIT Press, Cambridge, MA, 2006
Pages: 382. $30.00

Reviewed By: William J. Long
Reviewed in: Governance
Date accepted online: 10/04/2008
Published in print: Volume 20, Issue 04, Pages 703-715

Book Reviews

This comprehensive survey of the governance of personal data privacy by two veteran scholars is an informative treatment of a policy realm at the forefront of globalization and one that implicates fundamental societal beliefs and values. Several audiences will find this book useful, as it is accessible both to specialists and to those new to this policy domain.

For Bennett and Raab, global capitalism, ubiquitous technology, and the modern "surveillance state" threaten personal data privacy. The protection of personal privacy, however, is "decentralized," safeguarded as much by inchoate transnational regimes, industry codes of conduct and self-regulation, and privacy-protecting technologies as by state governmental authority. They argue that privacy protection, as both a social value and an individual right, requires more comprehensive policies and institutional arrangements to meet the growing threats.

The book discusses the various instruments of privacy protection (transnational, national, private, and technological) in detail and explores the many challenges associated with trying to assess the level of protection provided by privacy regimes. It concludes with four possible future scenarios for the protection of personal privacy: (1) a race to the top, for instance, a comprehensive global standard of privacy protection laws and institutions based on the EU model; (2) a race to the bottom, where the individual must fend for himself in circumstances of burgeoning data flows; (3) a world of privacy "haves" and "have-nots," with privacy reserved for wealthy and technologically advanced locales; or (4) an incoherent and fragmented patchwork of privacy protection where personal data privacy protection sometimes is a chief value and sometimes not (xxvi, emphasis in the original). To their chagrin, the authors conclude that a global standard of privacy protection enshrined in international regimes, national legislation and institutions, and personal practices that consistently makes personal privacy protection a preeminent value is unlikely and that today's "incoherent and fragmented patchwork" system will likely continue.

Although this reviewer and most of the book's readers are likely to be sympathetic to the authors' preference for enhanced global privacy protection consistent with the European model, there is a certain irony in their preference for a "one size fits all" policy prescription. The irony, of course, is that after bemoaning the pernicious effects of global capitalism and technology transfer that run roughshod over our personal privacy, their favored solution is equally hegemonic in dismissing other cultures' and societies' approaches to data privacy protection that do not weigh the value of personal data privacy relative to other social values quite the way EU policymakers do and that do not share the authors' dirigiste policy preferences.

In touting the European model of privacy protection as the appropriate goal for policymakers everywhere, the authors disregard the underlying reality that different states and societies have very different definitions of privacy, different views on the nature of the threat to privacy, and hence different, but arguably equally appropriate, privacy protection regimes. For example, the European approach toward data protection is grounded in the concept of privacy as a fundamental human right. In this conception, a just and free society results only when individuals are able to interact with self-determination and dignity. The right of the individual to information about himself becomes critical to sustain this condition of autonomy. The state intercedes between organizations (such as private business) and individuals to create parity, and guarantees this fundamental right through prophylactic protection. The 1998 European Union Data Protection Directive embodies these norms.

In the United States, however, individuals tend to be more trusting of the private sector and the free market to protect personal privacy, fearing more the invasion of privacy from the state, not the market. In America, privacy is traditionally conceived as "the right to be left alone." The U.S. legal system treats privacy as a personal property right that may be disposed of as one sees best rather than an unassailable human right. Constitutionally, there is no explicit right to privacy in the United States. The Supreme Court has ruled that there is an implicit, limited constitutional right of privacy based on a number of provisions in the Bill of Rights, such as the right of privacy from government surveillance into an area where a person has a "reasonable expectation of privacy" under the Fourth Amendment (Katz v. United States, 386 U.S. 954, 1967). Otherwise, privacy is not necessarily protected unless safeguarded by a specific statute. While the European approach is more proactive, U.S. policymaking is more reactive, stepping in to regulate only where problems occur and tailoring specific regulatory solutions when needed. The U.S. government and its people generally frown upon too much federal oversight. The European top-down approach with its privacy czars and bureaucracies would itself be regarded by most Americans as a violation of their privacy rights.

Likewise, an emerging Asian approach to personal privacy protection contained in the Asia-Pacific Economic Cooperation 2004 Privacy Principles offers yet another way of striking the balance between the value of personal data privacy and other societal goals such as economic growth, bureaucratic efficiency, and national security. The authors look with suspicion on this approach too, fearing it will not meet the EU standard.

Tellingly, in their conclusion, Bennett and Raab concede that "[t]here is no consistent and concerted worldwide privacy movement" (282). In view of the lack of popular demand for the EU approach and the underlying historical and cultural diversity that contributes to the various approaches to privacy protection, perhaps the more accurate description of the status of global governance of privacy is that it constitutes a coherent "protection patchwork," rather than an incoherent system of "patchwork protection," as Bennett and Raab would have us believe.