Regulating data privacy in the age of surveillance capitalism : the making of the European general data protection regulation and the California Consumer Privacy Act
Abstract/Contents
- Abstract
- Drawing from original interviews with the lawmakers, archival materials, internal emails, and other primary and secondary sources, this dissertation presents a comprehensive, comparative case study of the legislative histories of the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). It explores the role of institutions, business interest groups and civil society, as well of individual policy entrepreneurs in the policymaking process and explains their ability to pass the world's two strictest privacy laws despite significant push-back from powerful tech giants and other business interests. The dissertation identifies three common factors in the GDPR and CCPA policymaking process. First, both laws were influenced by the presence of foreign elements. In the GDPR case, American tech giants were direct participants through their extensive lobbying in the European institutions. Their lobbying, perceived as aggressive, nontransparent and self-serving, backfired and allowed privacy advocates to frame the need for the GDPR to protect Europeans from their public-private surveillance. Conversely, for the subsequently enacted CCPA, the GDPR served both as a sample for legislative transplant and also as a case in point that comprehensive data privacy laws are possible and will not "break the Internet." Given that many California-based tech giants had to comply with the stricter GDPR standards, the CCPA has also arguably received less resistance than it would have without the GDPR. Second, both the GDPR and CCPA proponents benefited from exogenous events, major scandals related to the collection and use of personal information. For the GDPR process, that scandal was Edward Snowden's revelations about a massive US surveillance program based on the data collected by US-based tech companies. For the CCPA, the Cambridge Analytica scandal revealed that personal data from millions of Facebook profiles was used without consent for political advertising and amplified the concerns about implications of individual data privacy violations on democratic process. Both scandals made the arguments against a data privacy law politically unpopular. Third, this dissertation highlights the increasingly important role of underdog policy entrepreneurs, individuals outside of traditional lawmaking institutions or organized interest groups in promoting policy change.
Description
| Type of resource | text |
|---|---|
| Form | electronic resource; remote; computer; online resource |
| Extent | 1 online resource. |
| Place | California |
| Place | [Stanford, California] |
| Publisher | [Stanford University] |
| Copyright date | 2022; ©2022 |
| Publication date | 2022; 2022 |
| Issuance | monographic |
| Language | English |
Creators/Contributors
| Author | Khatam, Damira |
|---|---|
| Degree supervisor | Lemley, Mark A, 1966- |
| Thesis advisor | Lemley, Mark A, 1966- |
| Thesis advisor | Keller, Daphne |
| Thesis advisor | MacCoun, Robert J |
| Degree committee member | Keller, Daphne |
| Degree committee member | MacCoun, Robert J |
| Associated with | Stanford University, School of Law JSD |
Subjects
| Genre | Theses |
|---|---|
| Genre | Text |
Bibliographic information
| Statement of responsibility | Damira Khatam. |
|---|---|
| Note | Submitted to the School of Law JSD. |
| Thesis | Thesis JSD Stanford University 2022. |
| Location | https://purl.stanford.edu/vy365sw3809 |
Access conditions
- Copyright
- © 2022 by Damira Khatam
- License
- This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
Also listed in
Loading usage metrics...