Public–Private Interactions in Privacy Governance

Abstract

This paper addresses the possible roles of private actors when privacy paradigms are in flux. If the traditional “informed consent”-based government-dominated approaches are ill-suited to the big data ecosystem, can private governance fill the gap created by state regulation? In reality, how is public–private partnership being implemented in the privacy protection frameworks? This paper uses cases from APEC’s Cross-Border Privacy Rules (CBPR) and the EU’s General Data Protection Regulation (GDPR) as models for exploration. The analysis in this paper demonstrates the fluidity of interactions across public and private governance realms. Self-regulation and state regulation are opposing ends of a regulatory continuum, with CBPR-type “collaboration” and GDPR-type “coordination” falling somewhere in the middle. The author concludes that there is an evident gap between private actors’ potential governing functions and their current roles in privacy protection regimes. Looking to the future, technological developments and market changes call for further public–private convergence in privacy governance, allowing the public authority and the private sector to simultaneously reshape global privacy norms.