Designing data-protection law: do we have better ideas?

By dr. Kunbei Zhang — copied from Leiden Law Blog:

Twenty years ago, the enactment of Directive 95/46/EC raised a new playing field at EU level. The long-awaited Directive showed a convergence of political opinions in the Member States on how to regulate data protection. The Directive is granted with legal binding forces because it requires the Member States to ensure national laws comply with it. A European-wide legal system over data protection issues was established. It was implicitly assumed to be the template for the rest of the world to emulate. However, repeated waves of scandals about abusing the right to personal data have followed one by one in Europe, for instance, the passenger name record debate in 2004, the SWIFT case in 2006, the Snowden case in 2014. All came in rapid succession. These scandals have shaken people’s confidence on European legal system over data protection issues. European lawyers have come to view data protection law more skeptically, emphasising the influences of technology and asking for a stricter legislation.

Not very effective

In the meantime, Chinese lawyers propose to transplant Directive 95/46/EC to improve current situation on data protection. Today, in China, there is no comprehensive legislation at a national level. The traditional legal arrangements for privacy protection are still applied to data protection issues, such as the arrangements for contractual and tort liabilities. Specific rules and provisions governing the use of personal data are scattered over different laws, regulations and local ordinances, and therefore not very effective. Thus, the legal transplantation proposal aims to bring the data protection level up to a higher standard on protecting consumers data rights.

Skepticism

However, the enthusiasm of using European data protection law to address Chinese problems should be treated with skepticism. First, European data protection law is not as complete as Chinese legislators expect, since it tries to regulate a field which is highly dynamic. Second, the conception of informational privacy, which is significant to data protection law, has a strong cultural attribute. This may influence the acceptance of a foreign law in a host country. Third, in China where the data protection system is not well-organized, European data protection rule may be not capable of effective implementation. Therefore, simply transplant European data protection law may not be as effective as Chinese legislators expect. Against this background, Kunbei Zhang believes that the legal transplantation proposal, although could improve China’s current situation, may be not a right prescription.

How to improve Chinese current situation?

Do we have a better idea to improve Chinese current situation? Zhang proposed that it would be more optimal to borrow a fraction of the European data protection rules rather than to clone the whole system. The immediate focus should be to evaluate the European data protection rules: what does it work well and less well? She did some trials in applying Complexity theory to evaluate. Based on this evaluation, Zhang concluded with suggestion that Complexity theory-based analysing model could be used to predict the development of data protection law in practice. This theory could help legislators to evaluate the outcome of legal intervention: whether a legal intervention is desired and when it is desired to intervene? The finding could be operated as checks against some of the mistakes of current transplantation proposal. It is against this background that Zhang expects that regulation over data-protection issues stand to benefit from being informed through the lens of CAS theory.

Dr. Zhang’s book “Can Chinese Legislation on Informational Privacy benefit from European Experience?” is available at Amazon DE, at Amazon UK and at Amazon USA.

1969 — Computer Programming

In 1969, I was a law student at Utrecht University. At that time, reading law in the Netherlands was not a full-time occupation. After having been active on the side for two years in a theater/acting student fellowship, I became one of the first computer programmers in the Netherlands. At the faculty of social sciences, where empiricism and statistics had become popular.

The infra structure was different, then. In all of the Netherlands, a handful of mainframe computers was available. Computer science was not yet an individual discipline: it was part of applied mathematics. It was only very much later that I came to understand that — despite what seems self evident — computing and mathematics are uncomfortable bedfellows indeed.

In one important sense, computing is rather like what many people think the law does: it describes what has to be done, and often how. Computing and math coincide, when computing describes what has to be done within the constraints of consistent formal-system behaviour — say in a formal game. Computing and math diverge, when the consistency requirement is dropped or diluted.

Much later (in 1987) I would discover that it is possible to describe how laws have to be changed in computing algorithms, while no consistent math model can. [Of course, this had been discovered earlier. Nevertheless, it hardly ever surfaces in scientific debate.]

Case-1

It was January 2nd, 2014.
Out in the rain, I met a neighbour.
We deplored the world’s state of play: firework accidents galore, and Paris reportedly being glad that a mere thousand cars had been set alight. Less than last Sylvester’s eve, apparently.
“I hope,” my neighbour said, “that these assholes will be punished severely.” I agreed. Yet I couldn’t help thinking that such punishment might not prevent the asshole behaviour from recurring next year. We went our separate ways, rather depressed for a proper new year’s start.
 

The scene mentioned here is used to illustrate many of my blogs. It is Case-1. Blogs that use it get the Case-1 tag (tags are in the side bar). Case-1 blogs tend to be small stories, meant to be useful for discussing the law’s genealogy and efficacies, inviting non-law professionals in. I will not use technical terms of legal professionals – even when these do think that I do.  In Case-1 blogs, for example, the word ‘contract’ means what it tends to mean to those who manage to make an agreement without an academic or professional legal education.