PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

ALI Data Privacy: Overview and Black Letter Text — Available for Download

American Law Institute (ALI) Data Privacy 01

Professor Paul Schwartz and I have posted the black letter text of the American Law Institute (ALI), Principles of the Law, Data Privacy. Professor Paul Schwartz and I were co-reporters on the project.  Earlier this year, I wrote a post about our completion of the project.  According to the ALI press release: “The Principles seek to provide a set of best practices for entities that collect and control data concerning individuals and guidance for a variety of parties at the federal, state, and local levels, including legislators, attorneys general, and administrative agency officials.”

The project is an attempt to create a comprehensive approach to data privacy for the United States.  The project was 7 years in the making, and we’re thrilled finally to share the text.  We also wrote a short introduction to explain what various provisions are attempting to accomplish.  You can download it from SSRN for free.  Our piece is called ALI Data Privacy: Overview and Black Letter Text.

Here’s the abstract.

In this Essay, the Reporters for the American Law Institute Principles of Law, Data Privacy provide an overview of the project as well as the text of its black letter. The Principles aim to provide a blueprint for policymakers to regulate privacy comprehensively and effectively.

The United States has long remained an outlier in privacy law. While numerous nations have enacted comprehensive privacy laws, the U.S. has clung stubbornly to a fragmented, inconsistent patchwork of laws. Moreover, there long has been a vast divide between the approaches of the U.S. and European Union (EU) to regulating privacy – a divide that many consider to be unbridgeable.

The Principles propose comprehensive privacy principles for legislation that are consistent with certain key foundations in the U.S. approach to privacy, yet that also align the U.S. with the EU. Additionally, the Principles attempt to breathe new life into the moribund and oft-criticized U.S. notice-and-choice approach, which has remained firmly rooted in U.S. law. Drawing from a vast array of privacy laws and frameworks, and with a balance of innovation, practicality, and compromise, the Principles aim to guide policymakers in advancing U.S. privacy law.

The essay above consists of our short introduction and the black letter text.  The full document is 100+ pages long and is available at the ALI.  Right now, final proofreading and formatting are being done on the document, but you can obtain from ALI the near-final version.

Continue Reading

ALI Principles of Law, Data Privacy

ALI Principles of Law Data Privacy

I’m thrilled that, the American Law Institute (ALI) has approved the Principles of the Law, Data Privacy. Professor Paul Schwartz and I were co-reporters on the project.  According to the ALI press release: “The Principles seek to provide a set of best practices for entities that collect and control data concerning individuals and guidance for a variety of parties at the federal, state, and local levels, including legislators, attorneys general, and administrative agency officials.”

The project involves our attempt to create a comprehensive approach to data privacy for the U.S. that bridges the divide with the EU.  For example, there are many provisions in the General Data Protection Regulation (GDPR) that are not as incompatible with U.S. law as one might think.  We bring U.S. law most of the way there, but we preserve core commitments in U.S. law that cannot readily be made consistent with the EU approach. We also have some new approaches to certain issues that haven’t yet been tried in quite the same ways in other laws before, such as our approach to transparency and notice, as well as our approach to handling the identifiability of personal data.  The Principles of the Law, Data Privacy is not an attempt to write our ideal privacy law as if drafting on a blank slate.  Nor is it an attempt to restate existing law. Instead, it is something in between. We build on foundations in existing law, look for ways the law can be advanced progressively without clashing with core commitments or introducing concepts that are without precedent.

ALI Principles of the Law Data Privacy

Thus, our goal has been to produce a balanced compromise, an approach to advance U.S. privacy law significantly without being radical.  I am certain industry and advocates will find things they like and things that they wish were different.  This isn’t the law I’d write if I were writing on a blank slate. But it is, I hope, a big step forward.

We hope this project is useful to legislatures working on privacy legislation, to other policymakers, and to everyone who is thinking about privacy law.

We want to thank our advisory group and the ALI members who contributed greatly to this project. The ALI process is a wonderful one — a thoughtful constructive discussion about how to craft meaningful regulation between practitioners, judges, and academics, among others.

The final draft will be released very soon.  Paul and I will be posting the blackletter portion of the project. The entire document, which consists of our commentary, notes, and illustrations — including the support for and rationales behind the provisions — will be available from the ALI.  Please stay tuned.

As a teaser, below is the table of contents

Continue Reading