Raising the Stakes Creating an International Sanction to Generate Corporate Compliance with Data Privacy Laws

In the current framework of human rights, data privacy is finding its home as an independent human right, separate from its historical home under the umbrella of general privacy. However, there is no consistent system or standard for defining this right, and different regions require substantially different levels of protection. This inconsistency has allowed for corporations, by way of their executive officers, to avoid or completely ignore the requirements imposed by many countries. Moreover, the penalties in many regions are not severe enough to incentivize corporations to change their behavior. The lack of a truly global system and standard for enforcing this right, and the specific lack of pressure on the officers that direct corporate policy, has allowed data privacy violations to go severely under-checked.

This Note seeks to provide a novel solution for tackling corporate holdup in complying with data privacy laws. This Note examines the historical roots of data privacy as a human right, discusses its similarity to resources that have been considered public utilities, and provides examples of instances where the right to data privacy has been ignored by corporate officers. By modifying the United Nations’ existing sanction procedure and jurisdiction, this Note proposes that the United Nations would be able to target corporate officers individually for their roles in data privacy violations. By leveraging personal liability for noncompliance, the United Nations could generate a global sense of accountability to the modern, human right to privacy in one’s personal data.