Prof. Lilian Edwards: A race to the bottom, middle or top? Reforming EU data protection law"
Privacy is big news nowadays. In Europe, the progress of the draft Data Protection Rgulation has attracted more lobbyist attention from the US, government and industry than any EU instrument in living memory. Even In the US, where historically privacy's importance has been downplayed, the populace is aghast at the recent PRISM revelations that the main web2.0 players have been sharing the details of our lives with the NSA, US and EU citizens alike.
The key question for privacy scholars of the last 10 years is whether the "notice and choice" approach taken by DP law in Europe and in less concrete form globally by the OECD Privacy Principles and FIPPs can truely still protect user privacy in the digital and networked world. This paper will argue that it cannot. First, the notion of consent ("choice") has become so illusory in the online environment as to be more a hindrance than a help. Second, in the age of the Internet of Things - ambient computing - little or no opportunity will be given to make choices anyway. Thirdly, the notion of purpose limitation("notice") will increasingly become defunct in the age of Big Data and its surrounding economic and policy incentives. Some partial solutions to these issues will be proffered - regulated contracts; regulated defaults; control of use rather than collection of data; but without a great deal of hope!