EU proposals for a revised approach to privacy and data protection, complete with a right to be forgotten online, represent an attempt to preserve – or resurrect – privacy in the face of these threats. These proposals have prompted significant criticism – and extensive lobbying – from technology providers who contend that they are unjustified, repressive and likely to be unworkable.
Drawing on a law and behavioural sciences approach, this paper examines both the legitimacy and effectiveness of the proposals. It contends that the regulations are justified by the cognitive limitations that undermine the efficacy of the previous choice-or-consent models of privacy regulation. However, it also suggests that the proposals represent only a crude initial attempt at regulation and that a strategy which takes more account of insights from the behavioural sciences offers a better prospect of preserving – or resurrecting – some degree of privacy in the future.