Specifics of legal regulation of electronic data circulation in the United States: prospects for approximation of experience

Authors

DOI:

https://doi.org/10.61345/1339-7915.2024.6.10

Keywords:

electronic data circulation, legal regulation, data privacy, data security, federal regulations, data protection, enforcement mechanisms, data governance, international data regulation, sector-based approach, privacy rights, consumer protection, cybersecurity, legal harmonization, global data governance, data processors, data controllers, risk management

Abstract

The article examines the specifics of legal regulation of electronic data circulation in the United States, focusing on the structure, scope, and practical implications of federal and state legislative frameworks. It gives particular attention to key federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Electronic Communications Privacy Act (ECPA), which collectively establish sector-specific standards for data privacy and security across the healthcare, financial, and communications sectors.

The article investigates the mechanisms of practical implementation and enforcement associated with U.S. data circulation regulations, highlighting the roles of federal agencies, including the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), and the National Institute of Standards and Technology (NIST). The analysis revealed that these agencies, operating under distinct legislative mandates, significantly influence organizational compliance by issuing prescriptive guidelines, initiating enforcement actions, and promoting voluntary standards such as the NIST Cybersecurity Framework.

The article identifies key differences and similarities between the U.S. data protection model and international data regulation frameworks, with comparative analysis focusing on the European Union’s General Data Protection Regulation (GDPR) and emerging regulations across Asian jurisdictions. The investigation revealed that while the U.S. approach is characterized by a sectoral, decentralized structure favoring industry-specific solutions, the EU emphasizes comprehensive, rights-based data protection enforced through harmonized legislation.

The article substantiates recommendations for harmonizing data circulation laws while respecting local legal traditions and socio-economic contexts, emphasizing the importance of adopting a balanced approach that preserves fundamental rights without impeding technological progress. Proposed strategies included fostering international cooperation through bilateral and multilateral agreements, adopting hybrid regulatory models that combine U.S. sector-based principles with comprehensive privacy statutes, and enhancing the role of global standards bodies in shaping best practices.

Published

2025-03-30