Symposium on the GDPR and international law a tale of two privacy laws: The GDPR and the international right to privacy

Abstract

The European Union’s General Data Protection Regulation (GDPR)1 is widely viewed as setting a new global standard for the protection of data privacy that is worthy of emulation,2 even though the relationship between the GDPR and existing international legal protections for the right to privacy remain unexplored. Correspondingly, this essay examines the relationship between these two bodies of law, and finds that the GDPR’s provisions are neither necessary nor sufficient to protect the right to privacy as enshrined in Article 17 of the International Covenant on Civil and Political Rights (ICCPR).3 It argues that there are other equally valid and effective approaches that states can pursue to protect the right to privacy in an increasingly digital world, including the much-maligned American approach of regulating data privacy on a sectoral basis.