The final published version of my article with Professor Paul Schwartz, ALI Data Privacy: Overview and Black Letter Text., 68 UCLA L. Rev. 1262 (2022) is now posted on SSRN and available as a free download.
The article is based on the ALI Data Privacy Principles. Professor Paul Schwartz and I were the co-reporters on the project. With a great team of advisers plus the helpful comments of ALI members, we drafted this document, which is similar to a model code.
In this Article, the Reporters for the American Law Institute Principles of Law, Data Privacy provide an overview of the project as well as the text of its black letter. The Principles aim to provide a blueprint for policymakers to regulate privacy comprehensively and effectively.
The United States has long remained an outlier in privacy law. While numerous nations have enacted comprehensive privacy laws, the United States has clung stubbornly to a fragmented, inconsistent patchwork of laws. Moreover, there long has been a vast divide between U.S. and European Union (EU) approaches to regulating privacy—a divide that many consider to be unbridgeable.
The Principles propose comprehensive privacy principles for legislation that are consistent with key foundations in the U.S. approach to privacy but also better align the United States with the EU. Additionally, the Principles breathe new life into the moribund and oft-criticized U.S. notice-and-choice approach, which has remained firmly rooted in U.S. law. Drawing from a vast array of privacy laws and frameworks, and with a balance of innovation, practicality, and compromise, the Principles aim to guide policymakers in advancing U.S. privacy law.
You can download it for free on SSRN.
About the ALI Data Privacy Principles
Outline of the ALI Data Privacy Principles:
CHAPTER 1: PURPOSE, SCOPE, AND DEFINITIONS
Section 1: Purpose and Scope of the Data Privacy Principles
Section 2: Definitions
CHAPTER 2: DATA PRIVACY PRINCIPLES
Section 3: Transparency Statement
Section 4: Individual Notice
Section 5: Consent
Section 6: Confidentiality
Section 7: Use Limitation
Section 8: Access and Correction
Section 9: Data Portability
Section 10: Data Retention and Destruction
Section 11: Data Security
Section 12: Onward Transfer
CHAPTER 3: ACCOUNTABILITY AND ENFORCEMENT
Section 13: Accountability
Section 14: Enforcement
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum an annual event designed for seasoned professionals.