By: Xiaowei Yu
Commercial surveillance pervasively compromises data privacy by tracking consumers without meaningful consent or knowledge, yet there is no consensus on when data privacy laws should intervene. The crux lies in the standard of identifiability, which functions as the threshold trigger for when regulation is permissible. Ascertaining the identifiability of information is therefore critical to consumers, companies, and regulators, who must understand, comply with, and implement data privacy laws. As this Article shows, the world’s key privacy jurisdictions—the European Union, United States, and China—continue to struggle in similar ways with inadequately defining and inconsistently applying the concept of identifiability.
This Article generalizes from the transnational convergence and refers to it as “the identifiability problem.” Recognizing the identifiability problem reveals an overlooked phenomenon across jurisdictions. Besides, it lays a factual foundation for synthesizing international efforts into solving the threshold issue of data privacy law. Moreover, it calls forth a normative inquiry. Whether we can justify the use of identifiability as the threshold for regulation is the first and foremost task prior to revising identifiability or abandoning it.