Data Protection Law:
Approaching its Rationale, Logic and Limits
by L A Bygrave
Kluwer Law, 2002
Dr Charles Oppenheim
This 420-page hardback is part of the well-established Kluwer Information Law series, and offers the usual high standard of presentation that this series enjoys.
The title on its own is misleading, but the sub-title 'Approaching its Rationale, Logic and Limits', provides a better description. This is not a textbook for those wishing to know what the law does, or does not allow. It is a well-researched account of the philosophy of data protection (primarily in the EU and to a lesser extent in the USA) and its relationship to privacy. It also considers two areas where data protection law is inconsistently applied, namely the protection of organisations (as opposed to individuals), and the use of profiling. Throughout, the author bases his arguments upon extensive and impressive research.
2. Minor Criticisms
It is surprising that the author did not examine the possibly dubious argument that the European Commission presented when it first introduced its draft Directive that inconsistent data protection laws were harming the single market, and instead assumes that the whole business was triggered by a concern for individual privacy - something which strictly speaking the EU, as an economic union, should not have been concerned with.
There is a misleading statement on page 70 that implies that the USA has a federal data protection law.
Despite the fact that Lee Bygrave is Australian, and therefore presumably English is his native language, the language employed is often awkward (for example, 'nevertheless, it is scarcely to be overlooked that implementation'*).
Whilst the lengthy discussion on the possibility of data protection for collective entities is of theoretical interest, the author seems not to recognise that there is absolutely no push to move data protection laws to cover such entities, and nor is there likely to be in the near future. This makes the entire essay on this theme an interesting, but an entirely theoretical one. There is surprisingly little analysis of data subject rights and how they differ across countries as well.
3.Indexing and Bibliography
The book is supported by an excellent index and (for once in a Kluwer book) a well-constructed and comprehensive bibliography of references (though curiously, it is called 'Select Bibliography', which implies there has been weeding).
Unfortunately, some of the footnotes spread across two pages and should have been re-formatted so that they only appeared on the page that they referred to. Some of the footnotes include quotations in Norwegian or German, which is hardly helpful for most readers. There is a curious statement on page 357 that: 'No attempt is made here to interpret the proper ambit of the above exceptions; such an analysis would quickly turn into a quagmire of speculation*', when that is exactly what the author is doing in much of the book. It seems maybe the author just ran out of steam at that point.
This is a book aimed squarely at the legal researcher, academic or student. It is of little interest to the practitioner. For those wishing to learn about the rationale behind data protection and the consistency (or lack of it) with which the law has been applied, and in seeing how the concept gets tested at its limits, the book can be recommended.
This is a Book Review published on 4 July 2003.
Citation: Oppenheim, C, 'Data Protection Law: Approaching its Rationale, Logic and Limits' by L A Bygrave, Book Review, The Journal of Information, Law and Technology (JILT) 2003 (1) <http://elj.warwick.ac.uk/jilt/03-1/oppenheim1.html>. New Citation as at 1/1/04: <http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2003_1/oppenheim1/>.