In a new article published in the Oslo Law Review, Christopher Docksey and Kenneth Propp argue that the principle of “accountability” currently utilized for ensuring the privacy of personal data in the commercial context is equally a valuable framework for regulating government access to data. They describe this principle as “a proactive and demonstrable commitment by the individuals in an organisation to respect [an] ethical and legal framework.” It also can serve, they suggest, to identify common goals among data privacy and intelligence communities.
Docksey and Propp illustrate this approach by closely examining EU Court of Justice (CJEU) case law on surveillance and international data transfers, in comparison to key elements of the recently implemented EU-US Data Privacy Framework (DPF) elements. The authors also consider developments in other fora, including the European Data Protection Board, the Global Privacy Assembly, and the Organization for Economic Cooperation and Development, as supportive of an accountability approach.
The EU and United States could provide leadership for an accountability-based, international code of practice. Its key features would be trust and transparency, legality and proportionality, and independent oversight. Such a code would enable similarly situated democracies to “develop the level of trust and transparency necessary for greater privacy interoperability in the future.” This will, however, require an “assumption of responsibility for the processing of personal information by the leaders and members of the intelligence community, the development of the necessary technical and operational measures to ensure respect for the agreed principles, and the ability to demonstrate the resulting compliance, in fact and law.”
To read the full article, click here.
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.