In the past few years, data protection has taken center stage in the news. Illegal hacks of private systems alongside deliberate and legal, albeit unethical manipulation of data has cast a shadow on every aspect of public and private lives of individuals. Even governments and institutions have been affected globally. There are well established criminal laws that protect theft and fraud but only in scenarios that are more conventional in nature. The pace of technological advancements creates new scenarios that often result in legal loop holes, or falls outside the scope of protection of many criminal laws. In other words, our legal system is globally struggling to stay ahead of technology. Unfortunately, any legislation is slow and deliberate, and good laws take years to formulate and enact. In a global market where perpetuators live in a single continent, computer servers reside in a second and the victims are located in a third continent, such challenges seem insurmountable. When criminal laws fail to provide protection directly, more indirect ways are sought in seeking protection.
In recent years, intellectual property laws have been used indirectly to address the deficiencies of criminal laws when it comes to data protection issues. Copyright laws have especially been shouldering the burden of providing some form of privacy protection. There are some advantages afforded by copyright laws. For one, in many countries, copyright laws do provide some criminal penalties. In addition, copyright laws have been enacted globally and some measure of reciprocity is already in existence between many jurisdictions. Unfortunately, copyright laws are not designed primarily for their current purposes; as a result, they too fall short in many areas.
One area that provides special challenges in copyright law is the determination of data ownership. In the United States, copyright ownership can be afforded to both individuals and/or third party entities. The protection can last between 70 to 120 years from the creation of the copyright work. If data is created or aggregated by a third party but about a certain individual, the individual is not the owner of the data and ownership is afforded to the entity instead. A parallel exists in photography cases where the owner of a picture is not the individual who posed for the picture but rather the studio or the photographer who took the picture. In this way, the combination of length of protection and ownership of data provides special issues when it comes to protecting individual privacy.
In Europe, General Data Protection (GDPR) is recently enacted to address some of these concerns. The rules, which were four years in the making, are trying to replace a patchwork of national laws that govern the use and privacy of data relating to 500 million EU citizens. The intent is to boost police and security protection and create a single digital market. In the United States, a similar effort may be viewed with suspicion. Perhaps these diverse perspectives can be surmised by use of historical data. The European Commission who proposed the changes argued that there is no freedom without security and no security without freedom. Benjamin Franklin, however, famously argued that those who give up essential liberties to purchase a little temporary safety, deserve neither liberty or safety. While GDPR does not necessarily take away essential liberties, comparing the two views delineate some fundamental global concerns that plague the development of a cohesive set of criminal and intellectual property laws that address digital data protection.