The regulation of personal data varies hugely across countries and sectors, research funded by the Economic and Social Research Council (ESRC) reveals.
The study, which was conducted by Professor Andreas Busch of Oxford University, examined privacy regulations in four countries across three different areas - the use of Closed Circuit TV cameras in public places; Radio Frequency Identification Technology chips in consumer goods, such as electronic toll collection tags; and the introduction of biometric features in passports and identity cards. The policies in the United Kingdom, United States, Germany, and Sweden were all examined.
Despite having similar political systems and using new technologies in similar ways, the use of regulations varied significantly. "Generally speaking, the UK, US, Germany, and Sweden would at first glance appear to have a common perspective on 'privacy policies'. However, in reality the way in which the regulations are implemented changes both the amount and type of personal data that is kept in each country." said Professor Busch.
The researchers found that privacy regulation is highly dependent on local context and the particular institutional arrangements in each country. For example, British citizens are resistant to identity cards but largely unconcerned about CCTV, while German citizens worry about CCTV but have been carrying machine-readable identity cards for decades without problems.
Overall, the political debates on different areas of privacy regulation were found to vary substantially between countries, with biometric identity documents generating the highest levels of controversy. The extent of political discussions seemed to depend on citizens' varying levels of trust in the state, which were found to be highest in Sweden.
The study also found that differences between political parties had little impact on regulatory policy, and it was variations in political institutions which played a decisive role in determining outcomes. In Britain's highly centralised state, the Information Commissioner's Office has less influence on policy making than in Germany, where regulators operate in a more fragmented federal structure which gives them more points for access. In addition, the early institutionalisation of data protection commissioners and agencies in Germany has led to regulators long making a significant contribution to public debate, while the UK's Information Commissioner has only more recently been taking on a similarly high-profile role.
The research showed that events such as the terrorist attacks of 9/11/2001 have had a significant impact on privacy regulation. Heightened security measures were a direct result of these attacks and the response from politicians in a number of policy areas, with decisions taken at the European level resulting in common solutions which were then implemented at a national level.
"The project has established substantial knowledge about the regulation of privacy and how the established systems of data protection reacted to the challenges posed by new technologies. This research shows us that regulations often come about as a result of a political agenda and not from technological advancements." added Professor Busch.
Explore further: Public startups boom under JOBS Act, study shows