Is Convergence Feasible Under the GDPR and Would Such Convergence Be Optimal for the U.S. and China?

Abstract

This thesis examines whether convergence in data privacy standards is feasible and if it would be optimal for the U.S. and China to converge under the GDPR. Chapter One establishes that the EU, the U.S., and China developed and maintained distinct conceptions of privacy, but are converging in broadening their definitions of personal information. Chapter Two demonstrates that their disparate understandings of privacy led the three to form different visions that consequently led them to adopt divergent regulatory paths. Chapter Three evaluates the differences and predicts that the GDPR will act as a strong convergence force. The prediction is proven to be correct with Chapter Four finding that there are increasing signs of convergence in key definitions and rights in the legislations of the U.S. and China with that of the EU’s GDPR. Chapter Five analyzes whether it would be optimal for the U.S. and China to converge under an omnibus privacy law like the GDPR. After evaluating both the advantages and drawbacks, this thesis concludes that omnibus laws should be preferred over sectoral laws, yet it would not be in the best interests of both the U.S. and China to converge under the GDPR. A year into the GDPR, privacy advocates are already noticing many unintended consequences and potential loopholes vulnerable to exploitation. The GDPR should, therefore, be used only as a benchmark for the development of future privacy standards that can be relied on irrespective of new technologies. This thesis suggests that updating the core elements established by the Council of Europe Convention 108 and the OECD is a reasonable place to start, and that further efforts of international cooperation is imperative for the future development of a privacy standard that accommodates the inherent differences pertinent to privacy around the world.