Abstract
The technological infrastructures enabling the collection, processing, and trading of data have fuelled a rapid innovation of data governance models. We differentiate between macro, meso, and micro level models, which correspond to major political blocks; societal-, industry-, or community level systems, and individual approaches, respectively. We focus on meso-level models, which coalesce around: (1) organisations prioritising their own interests over interests of other stakeholders; (2) organisations offering technological and legal tools aiming to empower individuals; (3) community-based data intermediaries fostering collective rights and interests. In this article we assess these meso-level models, and discuss their interaction with the macro-level legal frameworks that have evolved in the US, the EU, and China. The legal landscape has largely remained inconsistent and fragmented, with enforcement struggling to keep up with the latest developments. We argue, first, that the success of meso-logics is largely defined by global economic competition, and, second, that these meso-logics may potentially put the EU's macro-level framework with its mixed internal market and fundamental rights-oriented model under pressure. We conclude that, given the relative absence of a strong macro level-framework and an intensive competition of governance models at meso-level, it may be challenging to avoid compromises to the European macro framework.
Highlights
Data can be extracted and processed by private parties and governments at unprecedented scales, speed and efficiency
We provide a brief overview of these approaches to personal data governance in the European Union (EU), the United States (US) and China in order to highlight the dynamics between the macro- and meso-levels
Federal law on privacy is specific to particular sectors and activities, such as for example the Children’s Online Privacy Protection Act (COPPA), the Gramm Leach Bliley Act (GLBA) concerning data collected by the financial service industry, the Fair Credit Reporting Act (FCRA) concerning credit data; the Health Information Portability and Accountability Act, protecting health information
Summary
Data can be extracted and processed by private parties and governments at unprecedented scales, speed and efficiency. Aaronson and Leblond, 2018; O’Hara and Hall, 2018; Goldfarb and Trefler, 2018) These differences play out in the political, legal and economic frameworks that define (personal) data governance at the macro-level, such as the EU General Data Protection Regulation (GDPR) (Granger and Irion, 2019), the piecemeal, sector-specific, but generally business-friendly approach which characterises the US (Chander, 2014), or the Chinese approach which harnesses its social credit system as a disciplinary mechanism (Backer, 2019; Mac Mac Síthigh and Siems, 2019). A number of governance models, such as distributed ledgers or data commons, have emerged as counter-practices, defined in opposition to dominant public or private data regimes Some of these counter-initiatives are heavily technological in nature, such as individual data control technologies developed by crypto-libertarian communities. The current macro-level data governance regimes produce inadequate results both when the data is static, and when it is the subjectmatter of transactions
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
