Sustainable Data Privacy Protection in Commercial Practices - Commercial Aspects on the Data Privacy Protection of Individuals in the European Union Compared to the United States, and Technical Implications

Sammanfattning: Individuals as consumers in the EU and the U.S. are increasingly utilizing data collecting solutions on a daily basis to benefit from smart and efficient lifestyles. By providing personal data directly or indirectly to data service providers, processors or controllers; commercial actors have advantageous possibilities to track, obtain, process, monitor, transmit, and store personal data to improve businesses based on consumer behavior. The processing of personal data in and between the EU and the U.S. is a critical issue that threatens the fundamental right to privacy and data privacy. Individuals lack the ability to control personal data, and are not fully able to consent to what functionalities or operators that can obtain the personally attributed information. The commercial data practices for processing personally attributed data need more sustainable solutions in order to maintain an appropriate exchange of personal data, and the prospering of innovation and economical growth in and between the EU and the U.S. This thesis argues that commercial actors, as in data providers, processors and controllers, shall consider a sustainable and eco-system thinking strategy when conducting or developing data practices in the EU and/ or the U.S. It is also argued that individuals as data subjects must correspondingly be better informed and aware of their right to data privacy. In order to formulate sustainable data processing practices and compliance within the commercial sector, there are three major underlying factors that must be analyzed. (1) In order to protect data privacy, individuals and commercial actors must understand why it is important to protect privacy, and the importance of sustainable data development. Secondly, (2) the legal protection of data privacy in and between the EU and the U.S. must be evaluated whether they are protecting individuals’ privacy sufficiently. Finally, (3) to implement practically applicable data compliance practices among commercial actors, the technical solutions must be adjusted and analyzed in order to see how sustainable data privacy protection best can be managed. International frameworks and policy-making, national regulators, and law enforcement mechanisms can serve as guidelines and supervising entities. Thus, this thesis set forth that the best protection of data privacy is a matter of the relationship between the individuals and the commercial actors. Sustainable data privacy protection must derive from incentives among business actors, and be addressed on a narrow scale with understanding of the importance of sustainability.