03 March 2018

Directions in Privacy Scholarship

The excellent 'Legal Scholarship on Data Protection: Future Challenges and Directions' by Lee Bygrave in Cécile de Terwangne, Elise Degrave, Séverine Dusollier and Robert Queck (eds), Liber amicorum Yves Poullet / Essays in honour of Yves Poullet (Bruylant, forthcoming) discusses
some of the future challenges facing legal scholarship in the data protection field and recommends prioritising particular issues, approaches and methodologies to meet these challenges. The essay argues that the ongoing rapid growth of law, policy and scholarship on data protection makes it increasingly difficult for individual researchers to maintain an up-to-date overview of the field, and it pressures them to specialise. With this specialisation comes a risk of data protection scholarship fracturing into silos of discourse that rarely speak with each other. Added to this come a variety of other risks, such as ongoing ‘Western’ bias in the scholarship and continuing ignorance of the history, heritage and actual practice of data protection law. The essay urges data protection scholars to embrace an open, cross-jurisdictional approach that not only leverages off insights drawn from other disciplines but also attempts to connect with other fields of legal study. The essay also recommends greater exploration of the historical dimensions of data protection law, the jurisdictional quandaries such law poses and the ways in which it is actually applied ‘on the ground’.
Bygrave comments
When Samuel Warren and Louis Brandeis penned their famous article ‘The Right to Privacy’ near the end of the nineteenth century, published literature on the matters taken up in the article was sparse. Thirty years ago, when I first delved into law on privacy and data protection, academic literature on such law had grown immensely. This literature, though, was still fairly easy to track down and digest, partly because other scholars had made efforts to systematise it. Yves Poullet is one such scholar. Already in 1980, he co-produced the first bibliography in French of literature dealing with legal issues related to use of computer technology. More relevant for present purposes, however, is an annotated bibliography edited by David H. Flaherty and published in 1984 which contains 1,862 entries dealing with privacy and data protection issues. Of these, 595 articles, chapters and reports concern legal aspects of privacy and data protection law. Remarkably, United States’ (US) literature makes up approximately half of all the entries, reflecting the North American origins of large-scale discourse on computer-related threats to privacy. 
The situation is now markedly different in several respects. To begin with, US scholarship, while still influential and increasingly voluminous, is not as predominant in international discourse on privacy and data protection as it used to be. Secondly, this discourse is now considerably more global than it was, and it accordingly involves scholars from countries and cultures that scarcely figured in the discourse of the 1980s or earlier – Chinese, Indian, African and Brazilian scholars being obvious examples. Further, back then, much of the scholarship dealing specifically with privacy issues was of a philosophical, sociological, psychological, economic, political or technological nature and it tended to discuss – in various permutations – the meaning and value of privacy, particularly in light of developments in computer technology. This type of scholarship fed into – and to some extent off – a smaller body of legal research on protection of personal data. Such scholarship is still undertaken, but its growth has been outstripped and partly overshadowed by the latter type of research. The last few decades have seen the build-up of a massive wave of academic endeavour focused on the legal dimensions of privacy and data protection. Concomitantly, just as lawyers no longer treat data protection law as a ‘poor cousin’ of law on intellectual property rights, so too is research on the former area of law no longer a quaint niche activity on the outer margins of legal science. This is evidenced in part by the emergence of specialist journals on data protection law along with a strong rise in the number of articles on data protection law issues being published in other journals. 
All up, then, data protection law as a field of scholarship is undergoing radical expansion. A disinterested observer might wryly see an apparent paradox to this development: as the basic societal bedrock supporting privacy dramatically erodes, scholarship on its legal protection flourishes. While this scholarship harbours a few eulogies for data protection law, the bulk of contributors appear to have their shirt-sleeves rolled up, ready for many years of future research in the field. Yet, the paradox (if any) lies more in the stark contrast between de facto privacy erosion and the increasingly elaborate legal structures aimed ostensibly at preventing that erosion. It is these structures’ growth and increasing density that largely explains the flourishing of legal scholarship. xxx The scale, speed and complexity of recent developments in data protection law are breath taking, particularly in a global perspective. Well over 100 countries now have relatively comprehensive laws on protection of personal data, and the rate of this growth has been almost exponential. In many of these jurisdictions, the legislative regimes in point are a tangled mix of omnibus and sectoral codes, often of different generations and with inconsistent terminological apparatuses. Ongoing reform processes add to the complexity – as those trying to make sense of current developments in European Union (EU) law in the field are acutely aware. Another complicating factor is the increasing amount of court jurisprudence. Just over fifteen years ago, I wrote an article asking ‘where have all the judges gone?’ in the development of data protection law. The question is much less pertinent today, at least if we look to the burgeoning data protection jurisprudence from the European Court of Human Rights and Court of Justice of the EU (CJEU) – jurisprudence that increasingly ties the hands of other law makers. Thus, there is no shortage of developments in this legal field to parse and analyse. ... 
Perhaps the most salient challenge for current and future scholars is to maintain an accurate overview of the data protection field as it rapidly expands, both in terms of regulatory developments and in terms of research and policy discourse on those developments. At the same time, this expansion not only creates ever greater difficulties for individual researchers to keep the entire data protection field ‘under surveillance’, it also pressures them to specialise, either thematically or jurisdictionally. 
While specialisation has clear benefits, it also has a downside inasmuch as it can engender a fracturing of data protection scholarship into silos of discourse that rarely speak with, let alone acknowledge, each other. The notoriously US-centric focus of much privacy law scholarship in North America has long been a case in point, although recent years have seen systematic attempts being made by both US and European scholars to build transatlantic bridges. German scholarship on data protection law provides perhaps another case in point, in that much of it tends to refer predominantly to German literature. However, this tendency might be excused as a by-product of a legitimate need to maintain a scholarly discourse in the German language rather than being the product of a Weltanschauung viewing Germany as the whole of the relevant world – a view that one can be forgiven for thinking is paralleled in some US scholarship with respect to the global importance of the USA. 
The principal point, though, is that as we are inevitably pressured to burrow down into our respective areas of specialisation, it will be extremely important in the years ahead to keep our eyes on the ‘big picture(s)’ and stay alert to possible synergies between the various silos of study. Review articles – i.e., articles that survey and summarise previously published scholarship – can play a useful role in this regard. Such articles, however, are relatively few in the field of data protection, and anecdotal evidence suggests that getting them accepted for publication in reputable journals can be difficult as they are either too long or regarded as insufficiently ‘scientific’. This is a pity as they are crucial for mapping the research landscape and getting our bearings therein. Their status ought accordingly to be elevated in data protection scholarship. 
An under-communicated dimension of the specialisation problem is paucity of connection between scholars specialised in data protection law and scholars specialised in other fields of legal study. Data protection law is not an island; it does not operate as a discrete regulatory framework entirely separate to and independent of other regulatory frameworks