Investigator:

Jan Czarnocki

Abstract:

The project aims to analyze and compare sensitive data protection in the EU and US, to improve understanding of the legitimacy of data processing and reasonable expectations of privacy in both jurisdictions. Since privacy and data protection might be the limiting factor to spearheading socio-economic cooperation in the digital sphere between the EU and the US, there is a need for a better mutual understanding of the limits of respective legal frameworks. These limits reveal themselves when privacy and data protection needs to grant the highest possible level of protection. Such a need is pertinent when sensitive data is processed. Sensitive data such as biometric, health, genetic, religious and philosophical beliefs, racial or ethnic origin, or data about sexual life are critical for privacy and other fundamental rights protection. To what extent and how sensitive data is protected signifies what the highest possible privacy and data protection level in a given jurisdiction is. Therefore, comparing the EU and the US framework for sensitive data protection may reveal crucial similarities and differences between both legal cultures of privacy and data protection. Such an inquiry is also important to better understand legitimate processing and what to reasonably expect regarding data protection in the EU and the US in general. First, the paper describes and analyzes the EU and US sensitive data protection frameworks. Then, it compares them, focusing on similarities in their scope and content. Later based on the outcomes of the previous analysis, it sketches what is legitimate and what to reasonably expect regarding special categories of data processing on both sides of the Atlantic, and finally, what it implies for future cooperation.