Enforcing European Privacy Regulations from Below: Transnational Fire Alarms and the General Data Protection Regulation<sup>*</sup>

Jang, Woojeong; Newman, Abraham L.

doi:10.1111/jcms.13215

Cited by 6 publications

(6 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other important institutional innovations contained in GDPR, however, are geared to address these issues. Article 80 of the regulation offers third parties like NGOs an explicit role in the process (Jang and Newman 2022). As per the regulations, privacy NGOs and other organizations that deal with privacy issues may bring complaints to DPAs for investigation on behalf of data subjects.…”

Section: -Data Protection Implementation In Europementioning

confidence: 99%

“…At the same time, our preliminary results suggest that NGOs have been less active or able to serve as direct service providers for citizens. Finally, the results underscore the growing civic nature of data protection policy implementation in Europe (Jang and Newman 2022). The standard critique of European privacy law as overly top-down and centralized may need to be updated and patterns of civic policy implementation should be considered.…”

mentioning

confidence: 94%

“…This is a stark turn for European data protection regulation, which had long been criticized as overly bureaucratic and top-down, lacking on-the-ground oversight (Bamberger and Mulligan 2015). Increasingly though, European data protection rules incorporate a much broader number of actors than just government agencies, including third parties like nongovernmental organizations (NGOs), which have mobilized to turn laws on the books into policy actions (Jang and Newman 2022). In other words, implementation of GDPR now takes a village.…”

mentioning

confidence: 99%

See 2 more Smart Citations

The civic transformation of data privacy implementation in Europe

Mizarhi-Borohovich

Newman

Sivan‐Sevilla

2023

West European Politics

View full text Add to dashboard Cite

In January 2019, Google was slapped with a $50 million dollar fine by the French Data Protection Authority, the Commission Nationale de l'Informatique et des Libertés (CNIL). The CNIL found that the company had failed to provide adequate transparency around how data was authorized and collected from users of its Android operating system. In addition to being one of the first major penalties levied under Europe's signature data privacy law, the General Data Protection Regulation (GDPR), the case is notable because it was initiated collectively by two NGOs, the French La Quadrature du Net (LQDN) and the Austrian None of Your Business (nyob). Since the Google case, NGOs have been behind some of the largest GDPR fines in

show abstract

Section: -Data Protection Implementation In Europementioning

confidence: 99%

mentioning

confidence: 94%

mentioning

confidence: 99%

See 1 more Smart Citation

The civic transformation of data privacy implementation in Europe

Mizarhi-Borohovich

Newman

Sivan‐Sevilla

2023

West European Politics

View full text Add to dashboard Cite

show abstract

“…Based on examples emerging from Europe, civil society actors are essential in bringing strategic market surveillance gaps in front of regulatory agencies. NGOs were found to inject technical expertise, legal knowledge, and organizational capacities to the privacy enforcement process, contributing to the efforts of regulators in creating a culture of compliance across market actors (Borohovich et al, 2022;Jang & Newman, 2022). In addition to reacting to more obvious harms, privacy focused NGOs can perform dedicated research and proactively identify issues and harms that individuals or more traditional consumer rights organizations might miss, including in sectors where descrimination might be prevalent but not widely known.…”

Section: Part Iii: Policy Implementation: Standardizing Enforcement D...mentioning

confidence: 99%

Public Comment for FTC's Commercial Surveillance ANPR

Sivan‐Sevilla¹,

Nissenbaum²,

Parham³

2022

Preprint

View full text Add to dashboard Cite

These comments, respectfully submitted in response to the Federal Trade Commission’s (FTC) advanced notice of proposed rulemaking (ANPR) on the prevalence of commercial surveillance and data security practices that harm consumers, are based on selected research findings – our own and others. They are organized into four Parts. Part I drives a stake through the heart of direct-to-consumer consent-based approaches, arguing that notice and consent, transparency and choice, and privacy policies are not only ineffective; they may constitute “unfair and deceptive” practices. Part II addresses questions about data minimization, purpose limitations and sectoral approaches, vulnerable populations, and costs and benefits by drawing on the theory of privacy as contextual integrity (CI) (Nissenbaum, 2009). Part III discusses questions on the role of third party intermediaries in the enforcement process and facilitation of new disclosure rules, mechanisms to require/incentivize companies to be forthcoming about their data practices, and the role of civil rights agencies. Part IV suggests an adaptive regulatory model for the FTC through three regulatory learning cycles that can help the Commission account for changes in business models of surveillance-based industries.

show abstract

mentioning

confidence: 99%

The civic transformation of data privacy implementation in Europe

Borohovich¹,

Newman²,

Sivan‐Sevilla³

2022

Preprint

View full text Add to dashboard Cite

Recent data protection laws in the EU institutionalize NGO engagement with regulators and enable new mechanisms for bottom-up policy implementation. We study thirteen European NGOs and map their contribution to policy implementation based on a novel typology for understanding their scope (national vs. transnational) and goals (direct vs. strategic) of actions. We ask how NGOs vary in their contribution to data privacy implementation in Europe? What are the implications of those variations for differentiated policy implementation and EU problem-solving capacity? Through analyses of NGOs’ news articles and GDPR complaints, we find that NGOs converge toward privileging a transnational strategic civic enforcement model, using pan-European privacy cases to alter policy implementation, over individual citizen advocacy and empowerment at the national level. Civic engagement has served to mitigate cross-border policy implementation disparities, while preserving considerable regulatory discretion nationally. Integrating NGOs into the analysis of differential policy implementation of data protection helps shed light on the evolving nature of civil liberties in Europe.

show abstract

Enforcing European Privacy Regulations from Below: Transnational Fire Alarms and the General Data Protection Regulation^*

Cited by 6 publications

References 54 publications

The civic transformation of data privacy implementation in Europe

The civic transformation of data privacy implementation in Europe

Public Comment for FTC's Commercial Surveillance ANPR

The civic transformation of data privacy implementation in Europe

Contact Info

Product

Resources

About

Enforcing European Privacy Regulations from Below: Transnational Fire Alarms and the General Data Protection Regulation*

Cited by 6 publications

References 54 publications

The civic transformation of data privacy implementation in Europe

The civic transformation of data privacy implementation in Europe

Public Comment for FTC's Commercial Surveillance ANPR

The civic transformation of data privacy implementation in Europe

Contact Info

Product

Resources

About

Enforcing European Privacy Regulations from Below: Transnational Fire Alarms and the General Data Protection Regulation^*