Principles of the Law, Data Privacy is now available in print. This is ALI’s first venture into the field of information privacy law. This project identifies core principles useful for bringing greater coherence to this area. Like all Principles projects, it seeks to provide best practices for institutions other than the courts—in this case entities that collect personal information and the legislatures and administrative agencies, state and federal, that regulate them.
Reporters Paul M. Schwartz of the University of California, Berkeley School of Law, and Daniel J. Solove of George Washington University Law School completed this project at a time when guidance on data privacy is more necessary than ever.
Professor Paul Schwartz and I were the co-reporters on the project. With a great team of advisers plus the helpful comments of ALI members, we drafted this document, which is similar to a model code. We have a forthcoming essay coming out in 2021 in the UCLA Law Review about the project and its black letter principles: ALI Data Privacy: Overview and Black Letter Text.
About the essay:
In this Essay, the Reporters for the American Law Institute Principles of Law, Data Privacy provide an overview of the project as well as the text of its black letter. The Principles aim to provide a blueprint for policymakers to regulate privacy comprehensively and effectively.
The United States has long remained an outlier in privacy law. While numerous nations have enacted comprehensive privacy laws, the U.S. has clung stubbornly to a fragmented, inconsistent patchwork of laws. Moreover, there long has been a vast divide between the approaches of the U.S. and European Union (EU) to regulating privacy – a divide that many consider to be unbridgeable.
The Principles propose comprehensive privacy principles for legislation that are consistent with certain key foundations in the U.S. approach to privacy, yet that also align the U.S. with the EU. Additionally, the Principles attempt to breathe new life into the moribund and oft-criticized U.S. notice-and-choice approach, which has remained firmly rooted in U.S. law. Drawing from a vast array of privacy laws and frameworks, and with a balance of innovation, practicality, and compromise, the Principles aim to guide policymakers in advancing U.S. privacy law.
Outline of the ALI Data Privacy Principles:
CHAPTER 1: PURPOSE, SCOPE, AND DEFINITIONS
Section 1: Purpose and Scope of the Data Privacy Principles
Section 2: Definitions
CHAPTER 2: DATA PRIVACY PRINCIPLES
Section 3: Transparency Statement
Section 4: Individual Notice
Section 5: Consent
Section 6: Confidentiality
Section 7: Use Limitation
Section 8: Access and Correction
Section 9: Data Portability
Section 10: Data Retention and Destruction
Section 11: Data Security
Section 12: Onward Transfer
CHAPTER 3: ACCOUNTABILITY AND ENFORCEMENT
Section 13: Accountability
Section 14: Enforcement
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum an annual event designed for seasoned professionals.