Chilling effects and transatlantic privacy

AuthorJonathon Penney
DOIhttp://doi.org/10.1111/eulj.12315
Publication Date01 Mar 2019
SPECIAL ISSUE ARTICLE
Chilling effects and transatlantic privacy
Jonathon Penney*
Abstract
Can the European and American privacy divide be bridged? Bilyana Petkova, in this issue, offers
compelling reasons to be sceptical. One recent solution, advanced by Pierluigi Perri and David Thaw,
is that common concerns about chilling effects can bridge that divide. However, their discussion of
chilling effects was narrow and their analysis limited to procedural transatlantic convergence. This
essay explores this idea with a more systematic and sustained discussion of chilling effects theory
and research, while arguing that chilling effects does, in fact, provide possibilities for substantive
transatlantic privacy. I argue that chilling effectsis often treated as an ahistorical singular idea
but there are, in fact, three separate paradigms of chilling effects theory, research and understand-
ing: (1) speech; (2) privacy and autonomy; and (3) collectivist. I set out each and argue that the con-
ceptualisation of chilling effects exemplified by the second paradigmfocused on privacyrelated
chilling effectsoffers a shared normative and theoretical foundation to bridge the transatlantic pri-
vacy divide. I also explore how new chilling effects theory and research can impact substantive and
procedural transatlantic privacy efforts, including rethinking consent; empowering stronger judicial
enforcement of privacy claims; and balancing competing claims in substantive proposals like the
Right to be Forgotten (RTBF).
1|INTRODUCTION
A number of commentators have recently offered various proposals and foundations for transatlantic privacy
approaches and cooperation.
1
Joel Reidenberg has argued that the common challenge of data surveillance necessi-
tates American and European convergence on privacy.
2
Deirdre Mulligan and Kenneth Bamberger have heralded a
new American story, wherein US regulators have drawn on European data protection to address new privacy chal-
lenges.
3
And Paul Schwartz and KarlNikolaus Peifer, for their part, argue that new institutions and processes, like
*Research Fellow, The Citizen Lab, Munk School of Global Affairs and Public Policy, University of Toronto; Research Associate, Center for InformationTech-
nology Policy, Princeton University; Associate Professor and Director of the Law and Technology Institute, Schulich School of Law, Dalhousie University.
1
P. Schwartz and K. Peifer, Transatlantic Data Privacy Law(2017) 106 Georgetown Law Journal, 115; P. Perri and D. Thaw, Ancient Worries and Modern
Fears: Different Roots and Common Effects of US and EU Privacy Regulation(2017) 49 Connecticut Law Review, 1621; N. Richards, Four Myths of Privacy,
in A. Sarat (ed.), A World Without Privacy: What the Law Can and Should Do (Cambridge University Press, 2015), at 12; J.R. Reidenberg, The Data Surveil-
lance State in the United States and Europe(2014) 49 Wake Forest Law Review, 583, 583584; K.A. Bamberger and D.K. Mulligan, Privacy in Europe: Initial
Data on Governance Choices and Corporate Practices(2013) 81 George Washington Law Review, 1521.
2
Reidenberg, above, n. 1, at 583584.
3
Bamberger and Mulligan, above, n. 1, at 15611562.
Received: 16 December 2018 Revised: 22 February 2019 Accepted: 22 February 2019
DOI: 10.1111/eulj.12315
122 © 2019 John Wiley & Sons Ltd. Eur Law J. 2019;25:122139.wileyonlinelibrary.com/journal/eulj
those established under the General Data Protection Regulation (GDPR),
4
offer a foundation for cooperation.
5
In this
issue, Bilyana Petkova offers compelling reasons to be sceptical of such proposals.
6
She argues that privacy is emerg-
ing as a unifying constitutional value for Europe comparable to America's First Amendment culture founded on free
speech.
7
In light of that divide, she foresees future clashes with a more internationalist privacy discourse remaining
largely rhetorical.
8
Petkova's argument, which builds upon past works illustrating the important normative and con-
ceptual differences between European and American privacy,
9
sets out clearly the challenges for transatlantic
privacy.
To bridge this continental divide, Pierluigi Perri and David Thaw recently suggested common European and Amer-
ican concerns about chilling effects”—how privacy threats may chill or deter people from acting freely or exercising
their fundamental rightsmight offer a basis for transatlantic privacy.
10
Indeed, with internet surveillance and censor-
ship on the rise,
11
the amount of data available online unprecedented,
12
and states and businesses increasing their
technological capacity to track, process, analyse and leverage it,
13
concerns about chilling effects have taken on
greater urgency and public importance internationally.
14
Moreover, though the chilling effects concept has American
origins, similar concerns about the impact of data collection and relating practices have long been considered part of
the broader European data protection project.
15
Nevertheless, Perri and Thaw offer only brief definition of the notion
of chilling effects,with no systematic exploration of chilling effects theory and research and how it has evolved over
time.
16
And, being conscious of the American/European conceptual divide on privacy, they limit their discussion to
procedural forms of transatlantic harmonisation and cooperation on privacy.
17
This is unfortunate because I believe
4
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Pro-
cessing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC [2016] OJ L 119/1.
5
Schwartz and Peifer, above, n. 1, at 12.
6
See B. Petkova, Privacy as Europe's First Amendment(2019) European Law Journal (this issue).
7
Ibid., at 1.
8
Ibid., at 1.
9
See, for example, J.Q. Whitman, TheTwo Western Cultures ofPrivacy: Dignity versus Liberty(2004) 113 Yale Law Journal, 1151; R.C. Post, Three Con-
cepts of Privacy(2001) 89 Georgetown Law Journal, 2087; Perri and Thaw, above, n. 1. See, also, N.A. John and B. Peters, Why Privacy Keeps Dying: The
Trouble with Talk about the End of Privacy(2017) 20(2) Information, Communication, & Society, 284.
10
Perri and Thaw, above, n. 1, at 1624.
11
D. Volz, Global Internet Surveillance, Censorship on Rise: Report,Reuters,28 October 2015, available at https://www.reuters.com/article/uscybersecu-
rityreportidUSKCN0SM1M220151028; A. Fiscutean, Internet Censorship: It's on the Rise and Silicon Valley Is Helping It Happen,ZDNet, 28 November
2017, available at https://www.zdnet.com/article/internetcensorshipitsontheriseandsiliconvalleyishelpingithappen/. See, also, J.W. Penney, The
Cycles of Global Telecommunication Censorship and Surveillance(2015) 36 University of Pennsylvania Journal of International Law, 693, 693694.
12
V. BoehmeNeßler, Privacy: A Matter of Democracy: Why Democracy Needs Privacy and Data Protection(2016) 6 International Data Privacy Law, 222,
222; C. Kuner, Transborder Data Flow Regulation and Data Privacy Law (Oxford University Press, 2013), 4ff.
13
B. Wagner, J. Bonowicka, C. Berger and T. Behrndt, Surveillance and Censorship: The Impact of Technologies on Human Rights, Policy Department,
DirectorateGeneral for External Policies Report (European Parliament, 2015), at 612, available at http://www.europarl.europa.eu/RegData/etudes/
STUD/2015/549034/EXPO_STU(2015)549034_EN.pdf; S.A. Cohen and M.W. Granade, Models Will Run the World,Wall Street Journal (Opinion),19
August 2018, available at https://www.wsj.com/articles/modelswillruntheworld1534716720.
14
Penney, above, n. 11; B. van der Sloot, D. Broeders and E. Schrijvers, Introduction: Exploring the Boundaries of Big Data, in B. van der Sloot, D. Broeders
and E. Schrijvers (eds.), Exploring the Boundaries of Big Data (Amsterdam University Press, 2016), at 11; F.J. Zuiderveen Borgesius, Singling Out People with-
out Knowing their NamesBehavioural Targeting, Pseudonymous Data, and the New Data Protection Regulation(2016) 32 Computer Law & Security
Review, 256, 267; Y. Hermstrüwer and S. Dickert, Sharing Is Daring: An Experiment on Consent, Chilling Effects and a Salient Privacy Nudge(2017) 51
International Review of Law and Economics, 38; C. Quelle, Not just User Control in the General Data Protection Regulation, in A. Lehmann, D. Whitehouse,
S. FischerHübner, L. Fritsch and C. Raab (eds.), Privacy and Identity 2016 (Springer, 2016), 140, 154; M. Oostveen and K. Irion, The Golden Age of Personal
Data: How to Regulate an Enabling Fundamental Right?, in M. Bakhoum, B. Conde Gallego, M.O. Mackenordt and G. Surblyte (eds.), Personal Data in Com-
petition, Consumer Protection and IP LawTowards a Holistic Approach? (Springer, 2017); R. van Brakel, Preemptive Big Data Surveillance and its (Dis)
empowering Consequences: The Case of Predictive Policingin B. van der Sloot, D. Broeders and E. Schrijvers (eds.), Exploring the Boundaries of Big Data
(Amsterdam University Press, 2016), 117; F.J. Zuiderveen Borgesius, S. Kruikemeier, S.C. Boerman and N. Helberger, Tracking Walls, TakeItorLeaveIt
Choices, the GDPR, and the ePrivacy Regulation(2017) 3 European Data Protection Law Review, 353.
15
See, for example, J. van Hoboken, From Collection to Use in Privacy Regulation? A ForwardLooking Comparison of European and US Frameworks for
Personal Data Processing, in van der Sloot et al. (eds.), above, n. 14, 231, at 243; B. van der Sloot, The Individual in the Big Data Era: Moving towards
an AgentBased Privacy Paradigm, in van der Sloot et al. (eds), above, n. 14, 177; Quelle, above, n. 14, at 154. See, generally, Perri and Thaw, above, n. 1.
16
Perri and Thaw, above, n. 1, at 1626, 16331634.
17
Ibid.
PENNEY 123

To continue reading

Request your trial