An examination of corporate privacy management in the United States, Germany, Spain, France, and the United Kingdom, identifying international best practices and making policy recommendations.
Barely a week goes by without a new privacy revelation or scandal. Whether by hackers or spy agencies or social networks, violations of our personal information have shaken entire industries, corroded relations among nations, and bred distrust between democratic governments and their citizens. Polls reflect this concern, and show majorities for more, broader, and stricter regulation—to put more laws “on the books.” But there was scant evidence of how well tighter regulation actually worked “on the ground” in changing corporate (or government) behavior—until now.
This intensive five-nation study goes inside corporations to examine how the people charged with protecting privacy actually do their work, and what kinds of regulation effectively shape their behavior. And the research yields a surprising result. The countries with more ambiguous regulation—Germany and the United States—had the strongest corporate privacy management practices, despite very different cultural and legal environments. The more rule-bound countries—like France and Spain—trended instead toward compliance processes, not embedded privacy practices. At a crucial time, when Big Data and the Internet of Things are snowballing, Privacy on the Ground helpfully searches out the best practices by corporations, provides guidance to policymakers, and offers important lessons for everyone concerned with privacy, now and in the future.