Please join us for the Information Science Colloquium with guest, Deidre Mulligan, Assistant Professor at the School of Information at UC Berkeley, and a Faculty Director at the Berkeley Center for Law & Technology. Prior to joining the School of Information, Mulligan was a Clinical Professor of Law and the founding Director of the Samuelson Law, Technology & Public Policy Clinic at the UC Berkeley School of Law (Boalt Hall).   She is the Policy Lead for the NSF-funded TRUST Science and Technology Center, which brings together researchers at U.C. Berkeley, Carnegie-Mellon University, Cornell University, Stanford University, and Vanderbilt University. Prior to joining academia she served as staff counsel at the Center for Democracy & Technology in Washington, D.C.  Mulligan’s current research agenda focuses on information privacy and security. Current projects include comparative, qualitative research to explore the conceptualization and management of privacy within corporations based in different jurisdictions, and policy approaches to improving cybersecurity. Other areas of current research include exploring users' conceptions of privacy in the online environment and their relation to existing theories of privacy.  She is chair of the board of directors of the Center for Democracy and Technology, and co-chair of Microsoft's Trustworthy Computing Academic Advisory Board.

Title: Privacy in Europe: Initial Data on Governance Choices and Corporate Practices.

Abstract: Privacy governance is at a crossroads.  In light of the digital explosion, policymakers in North America and Europe have commenced a wholesale process of revisiting regulation of the corporate treatment of information privacy.  These efforts, however, have lacked critical information necessary for reform.  Scholarship and advocacy around privacy regulation has focused almost entirely on law “on the books”—legal texts enacted by legislatures or promulgated by agencies while ignoring privacy “on the ground” – the ways in which corporations in different countries have operationalized privacy protection in the light of divergent formal laws; interpretive, organizational and enforcement decisions made by local administrative agencies; and other jurisdiction-specific social, cultural and legal forces. 

This article is the third documenting a project intended to fill this gap.  Using qualitative empirical inquiry—including interviews with and surveys of corporate privacy officers, regulators, and other actors within the privacy field—we examine how privacy is understood and reflected in corporate practice, and the combination of social, market, and regulatory forces that drive corporate interpretations and actions.  Building on the first two articles which examined corporate behavior in the United States, this article presents the first analysis of research in three EU jurisdictions: Germany, Spain, and France. Not surprisingly for those familiar with privacy protection in Europe, our work reveals widely varying privacy landscapes. Equally striking, however, are the similarities between corporate behavior in Germany—often held out as the high water mark on privacy—and the U.S.  Exploring the similarities and differences across these four jurisdictions our work broadens the privacy inquiry, revealing how various elements in the privacy “field” configure to shape corporate behavior within and across them.  We explore the substantive and structural details of national implementation of the EU directive, as well as other legal mandates, characteristics of national corporate structure, and societal factors, such as the roles of the media and other citizen, industry, labor, or professional organizations that determine the “social license” governing corporate actions.  In conclusion, we outline two elements of a new account of privacy’s development.  First, we offer a preliminary analysis of which elements of the privacy field fostered, catalyzed and permitted the most adaptive responses in the face of novel challenges to privacy.  Second, we consider the role of expert networks in diffusing knowledge and approaches to privacy management across jurisdictions in the shadow of different choices about the form and timing of privacy regulation.  Our comparative analysis yields novel insight into how regulatory choices interact with other aspects of the privacy field to shape corporate behavior, offering important insights for all participants in policy debates about the governance of privacy. 

Information Science Colloquium talks are free and open to the public. 

A reception will be held immediately after.