The "final" privacy frontier? Regulating trans-border data flows

Abstract

This article examines the threat to privacy posed by the transfer of personal information from one jurisdiction to another. Despite international trends towards greater protection of personal information significant challenges to personal privacy arise in this context. These include the use of outsourcing by businesses, the encroachment of security laws and the potential 'spill-over' of technologies developed for combating terrorism into the private sector. Also significant are technologies enabling the 'profiling' of individuals and 'data mining' across borders. Against this backdrop the article considers existing jurisdictional responses towards regulating personal information flows across borders. It considers various actual or proposed solutions including 'safe-harbours', contractual mechanisms and extra-territorial applications. The article concludes that many of the existing approaches to regulating trans-border information flows are to some extent deficient and suggests the need for a new 'fourth generation' set of data protection protocols. In formulating the latter, analogies are drawn from other relevant areas of the law in order to furnish creative solutions to the problem. © International Journal of Law and Information Technology Vol. 17 No. 2 Oxford University Press 2007; all rights reserved.