Data Privacy Law: Comparison Between the United States and Saudi Arabia

Introduction

The rapid rise in the use of personal data in internet-based applications has generated privacy concerns worldwide (Bellia, 2008). Therefore, because of this reason policymakers across different countries are pushing for awareness regarding the allure of harmonizing privacy laws. However, one of the primary challenges with privacy laws from an international viewpoint is that Internet is nearly borderless and statutory approaches vary between states. This paper presents a practical comparison between current privacy law in the United States and the Saudi Arabia, as such laws relate to regulations of data from websites and online service providers.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

From a technology standpoint, the fundamental nature of the internet drastically lessens the significance of geography and permit regional business contacts and trade to be performed with ease (Bronk & Tikk-Ringas,2013). However, from a legal viewpoint, geography remains to wield significant influence. Therefore, firms or managers seeking to gain competitive advantage through the use of web-based systems often find themselves upset or discouraged by different and often divergent expectations concerning privacy in different nations across the globe. Currently, legislator and companies find it challenging to balance between the rapidly interconnected characteristic of web-based transactions which often depend on customer personally identifiable information with regional differences in privacy laws. Therefore, understanding the variations in governing approaches perhaps is critical to successfully managing data privacy in a world market that relies on local border information streams, more so when the monitoring and legislative strategies of other countries are more obstructive. Data privacy challenge can be attributed to numerous factors such as cultural values, legal threats, and privacy perceptions. According to Bygrave (2014), privacy perceptions and cultural values vary among nations, and these perceptions and values are often intertwined with and, therefore, wield a significant influence over differing legal settings. Casey (2011), contend that it is impossible to understand the privacy concerns in the United States of America and Saudi Arabia without understanding how history gas influenced both the US and Saudi Arabian values.

Data Privacy Laws in the United States of America

In the United States of America, there is no single, complete federal law regulating the collection and use of individual or personal data (Giannotti & Pedreschi, 2008). However, each House of Representative proposed various data privacy bills to standardize requirements at a national level for each Congressional term. Consequently, the United States system of federal laws and regulations are sometimes patchworked that often contradict, overlap and dovetail each other. Additionally, there are numerous rules and regulations established by federal agencies and firms that do not promulgate the law but are part of self-regulatory guidelines and agendas that are perceived as best practices. On the other hand, these self-regulatory agendas comprise of accountability and enforcement mechanisms that are rapidly being used as an instrument for implementation by watchdogs (Weiss & Archick, 2016). Currently, various state privacy-related laws in the United States control the use and collection of personal data. For example, some are useful in electronic communications, health information and financial. Similarly, some are applied in activities that need access to personal information such as commercial e-mail and telemarketing. Subsequently, there are extensive consumer safety regulations that are not considered as privacy laws(Weiss & Archick, 2015). Further, the consumer protection laws have been used to prescribe deceptive and unfair business practices involving the release of, as well as security measures for safeguarding personal data.

Today, there is no complete privacy protection law in the United States for transactions done over the internet unless with some significant requirements. No provision in the US requires online service and commercial website providers to keep private policies. However, if online service, as well as business website provider, agrees to follow the privacy policies, then they are often subject to litigation by the Federal Trade Commission if they fail to adhere to their company's prescribed privacy goals and practices. According to Federal Trade Commission, it is quite deceptive and unfair for firms to go against its privacy practices and policies. It is because of this reason that FTC has issued a call for the arrest of deviant companies' leadership in the field of online and website services.

In the United States internet is unregulated. However, some privacy protection laws are needed as previously stated. Therefore, because of such situation, users in the United States guard themselves by being selective in the kinds of data or information to discrete and also which internet platform they disclose the information or data. Moreover, the private companies or groups in the US have tried to ensure the privacy of their clients are maintained through pursuing non-governmental instruments, for example, P3P, third-party seals and confrontational publicity which has disenchanted the invasions of privacy by software and hardware developers.

According to the laws and regulation of US data privacy, it defines personal information or data privacy as an idea which there is no accord. Further, the version of 2003 OPPA section 8(8) describes individual information as including, email address, telephone number, social security number, first and last name and any other identifier that the FTC perceive would help in identifying a person. In the US, PII does not necessarily mean private information, although it is subjective and recognizing. The government argues that an individual phone number or name is individually personal; however, it is not usually private data or information. One of the primary challenges that the US government faces today is to define what online privacy constitutes. It is because of existing studies that combined both the private and public classification of PII. Greenleaf (2011) argues that the compiling a list of hemophiliacs, socialist and Jews is often perceived by most people as disastrous whereas the combination of phone numbers and names of dwellers of a town in a single book is not regarded as particularly alarming by the majority. Due to this fact, most of the internet users are reluctant to disclose their financial and health information as well as their social security number and their home address, age or name.

In US violation of state or federal privacy laws lead to civil penalties and not criminal sentences, with an exemption on provisions regarding computer crimes and surveillance activities. Greenleaf (2012) inferred that individual breaches of the federal Electronic Communications Privacy Act (ECPPA) often leads to civil liability and criminal proceedings. Furthermore, a majority of the states have legislated surveillance laws such as criminal proceedings as well as public responsibility for violations.

On the other hand, US Department of Justice is mandated to prosecute grave HIPAA desecrations legally. For example, the DOJ may put up a criminal proceeding on an individual who intentionally abuses provisions on accessing and discretion of lawfully cognizable health data. The ECPA comprising of the Stored Communications Act, Wiretap Act, and Pen Register Act regulates the interception of communications at the federal or state level. Similarly, the state CFAA also proscribes specific surveillance activities. However, it mainly focuses on regulating other computer-related activities such as hacking. Most states have provisions that control and monitor the interception of communications at the federal level. On the other hand, few laws or regulations specifically focus on the usage of electronic marketing and the available rules are relevant to the specific marketing channel in question. The Act of 2003 Controlling the Assault of Non-Solicited Pornography and Marketing often regulates commercial e-mailing.

Also, the Telephone Consumer Protection Act of 1991 also known as (TCPA) and the Telemarketing Consumer Fraud and Abuse Prevention Act controls Telemarketing at the state or federal level. Apart from the laws and provisions describe above, there are numerous other state and federal laws that govern privacy data or issues such as national information security regulations and requirements that apply to children information, consumer report information, civic government activities, driver's information and video rental records.

Therefore, because the United States do not have a clear information protection regulations and provisions, there is no single definition of sensitive information or data that is subjects to discriminating ideals. However, there are specific types of data that usually focus on more strict guidelines such as consumer report data, security breach notification, health information and background screening data.

Data Privacy Laws in Saudi Arabia

According to some experts, the age of cloud computing has attained its maturity level making it ripe for full commercial exploitation (Tene,& Polonetsky, 2012). However, in Saudi Arabia, there are no specific data privacy laws. Although some existing literature or surveys of data protection laws suggest otherwise, privacy requirements do exist in Saudi Arabia and are very relevant to firms operating there or seeking to offer services to customers in Saudi Arabia. Despite Microsoft and Google continuous investment of billions in Cloud R& D technology annually, different industries operating in Saudi Arabia are confronted with legal concerns to make use of this technology owing to the legal space (Tene,& Polonetsky,2012). Consequently, lack of specific provisions on data privacy leaves Saudi Arabian adjudicatory bodies and courts with the vast option to handle data privacy violations declarations under common sharia doctrines. Further, lack of a central location where arbitrator's group's verdicts are reliably indexed and collected as well as the absence of binding precedent system only makes the state of affairs more difficult. In Saudi Arabia, most of the laws relating to the safety and inviolability of individual personal information are captured in some legislative instruments. For example, the constitution of Saudi Arabia also known as The Basic Law of Governance safeguards the privacy of individuals by declaring that labor, capital, and property are primary components of the social and economic structure of the Kingdom. According to Islamic Sharia, the principal components are individual rights which satisfy a social role. Furthermore, the 2007 Anti-Cyber Crime Law bar the interception of information conveyed on a data network whereas Telecommunication Act of 2001 expounds sanctions for breaches of discretion in the communications sector (Horvitz & Mulligan, 2015). Additionally, guidelines, enlisted by Saudi Arabian Monetary Agency, for Fiscal Consumer Protection states that consumers personal information and financial data should be guarded through proper control and protection instruments by financial institutions.

On the other hand, the recent issued Draft Law of E-Commerce System by the Ministry of Industry and Commerce in Saudi Arabia also call for vendors (Smith et al. 2011). To save the individual data of the buyer, and any personal communications records with the customer, confidential even if the information is with the client or is already transferred to the company's employees or agents. Moreover, the draft law ensures that the vendor or the seller is liable f...