Dennis D. Hirsch of Capital has written In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector-Based Codes of Conduct, 74 Ohio St. L.J. (2013). Here is the abstract:
The movement of personal data across national borders is fundamental to the Internet economy. Yet the laws that govern such data flows remain national or, at best, regional. This mismatch weakens privacy protection, increases costs and uncertainty for business, creates tension and political strife between major trading partners such as the US and the EU, and confronts global privacy managers with difficult challenges. These problems have made the harmonization of national and regional privacy laws a very hot topic in privacy law and policy today. Several initiatives have sought to achieve such harmonization, but none has proven satisfactory.
This article proposes a relatively simple and elegant solution: internationally-approved, industry codes of conduct. The European Union and the Asia-Pacific Economic Cooperation (APEC) organization have each established privacy rules for their respective region. The proposed solution would take advantage of these existing arrangements. It would work as follows. An industry sector would draft a privacy code of conduct that fulfilled the core requirements of the EU and APEC regional privacy regimes. It would then submit the same code to the relevant authority in each system. If each approved the terms of the code, then firms that met those terms could feel quite confident that their activities complied with EU and APEC-region legal requirements. The approved code would function as a nearly global set of privacy rules.
The Article provides a fuller exposition of this proposal, situates it in regulatory theory, and explains how it fits with current legal frameworks. It shows that existing privacy law regimes already contain many of the pieces needed to support the proposed approach. It identifies the legal reforms that will be required in order to make this solution work, and so to come closer to that Holy Grail of privacy law: harmonized, global privacy rules.