“You Have the Data” . . . The Writ of Habeas Data and Other Data Protection Rights: Is the United States Falling Behind?

Sarah L. Lode

Amidst a global trend of protecting individuals from unnecessary invasions of privacy and in a world culture where nations are finding more innate rights of privacy than ever before, is the United States trailing in the protection of its citizens’ personal data? When looking at changing legislation and constitutions across the globe, it is hard not conclude that the United States could learn a thing or two in the way of personal data protection: specifically, how to better protect personal medical records, treatment data, and other health-related information. American citizens are given seemingly little or no control over the use, dissemination, and storage of their personal data—this is especially apparent when United States’ legal footwork is compared with several other parts of the world. Although the United States enacted the Health Insurance Portability and Accountability Act (HIPAA) (which was passed in 1996 and is rarely updated) to provide some protection of medical data, along with several other topical data protection statutes and acts, the United States’ ad hoc approach does little to protect citizens’ personal data, which is becoming the norm in other parts of the world. Internationally, citizens are provided, and sometimes constitutionally guaranteed, avenues to challenge the use, collection, and storage of their personal data by governmental and private agencies alike. Other world citizens have access to a variety of rights and writs that allow an individual to control the use, distribution, and storage of his personal information. These rights include the writ of habeas data, the right to be forgotten, the right to erasure, the right to stop processing, and the right to access. With the goal of further understanding the changing international climate regarding personal data protection, this Note will not only discuss the past and current laws in several countries and regions—specifically Latin American countries and the European Union—but will attempt to harmonize these changing international data protection norms in a way that could allow the United States to build its own comprehensive data protection scheme. While the international trend towards more personal data protection covers a wide variety of personal data, this Note will focus predominately on the protection of personal medical records as a case study and starting point from which to propose a more comprehensive solution for reforming United States legislation.

Full article available here.