A NEW FRONTIER: THE CHALLENGES SURROUNDING THE DEEPENING IMPACT OF DATA PROTECTION REGULATIONS ON BANKRUPTCY LAW
Sažetak
Notwithstanding the unprecedented and global prestige that data privacy (or data protection, in Europe) law has gained in the 21st century, comparative analyses of the effects flowing from the intensifying impact of data protection law on bankruptcy (insolvency) law remain unexplored. In addition to canvassing the history and contours of the data protection–bankruptcy law interface, through an empirical com- parison of available court and data protection agency (authority) cases in multiple jurisdictions, this article fills this gap by identifying and exemplifying various modalities through which data protection law interferes with the bankruptcy process or creates tensions between the two branches of law, based on the comparison of available court and data protection authority (agency) cases in Europe (including the United Kingdom), the United States, as well as Canada and China, as middle-ground systems.
Reference
BIBLIOGRAPHY
BOOKS and BOOK CHAPTERS
Beširević, V., A Short History of Brexit, in: Ilić, T., Božić, M. (eds.), 2020, NOMOPHYLAX: Collection of Papers in Honor of Srđan Šarkić, Belgrade, PFUUB & Službeni glasnik, pp. 621–645.
Beširević, V., The Constitution in the European Union: The State of Affairs, in: Dupeyrix, A., Raulet, G. (eds.), 2014, European Constitutionalism. Historical and Contemporary Perspectives, Brussels, Peter Lang, coll. Euroclio, pp. 15–35.
Bork, R., Zwieten, K. van, 2022, Commentary on the European Insolvency Regulation, 2nd ed., Oxford, OUP.
Bygrave, L., 2014, Data Privacy Law, Oxford, OUP.
Craig, P., Búrca, G. de, 2020, EU Law – Text, Cases, and Materials, 7th UK ed., Oxford, OUP.
Garner, B. A. (ed.), 2009, Black’s Law Dictionary, Deluxe 9th ed. Eagan, West.
Goode, R., McKendrick, E. 2020, Goode and McKendrick on Commercial Law, 6th ed., London, Penguin.
Gullifer, L., Payne, J., 2020, Corporate Finance Law – Principles and Policy, 3rd ed., Oxford, Hart.
Hudson, A., 2009, The Law of Finance, Mytholmroyd, Sweet & Maxwell.
Messmann, S., Tajti, T. (eds.), 2009, The Case Law of Central and Eastern Europe – Enforcement of Contracts, Bochum, European University Press.
Noel, R. F., 1919, History of Bankruptcy Law. Washington, D. C., Chas. H. Potter & Co.
Regan, P. M., The United States, in: Rule, J. B., Greenleaf, G. (eds.), 2008, Global Privacy Protection, Cheltenham, Elgar.
Svetlicinii, A., Enforcement of Contracts in the Republic of Moldova: The Impact of a Slow Transition, in: Messmann, S., Tajti, T. (eds.), 2009, The Case Law of Central and Eastern Europe – Enforcement of Contracts, Vol. 1, Bochum, European University Press.
Tabb, J. C., 2020, The Law of Bankruptcy, 5th ed., St. Paul, West Academic.
Tajti, T., Article 78 – Data protection, in: Bork, Reinhard & van Zwieten, Kristin (eds.), 2022, Commentary on the European Insolvency Regulation, 2nd ed., Oxford, Oxford University Press.
Veder, M., Article 24 – Establishment of insolvency registers, in: Bork, R., Zwieten, K. van (eds.), 2022, Commentary on the European Insolvency Regulation, 2nd ed., Oxford, Oxford University Press.
LAW JOURNAL AND LAW REVIEW ARTICLES
Akselrad, M. R., 2021, The Liquidation of Data Privacy: How and Outdated Bankruptcy Code Threatens Consumer Information, Boston College Intellectual Property & Technology Forum, pp. 1–23.
Baumer, D. L., Earp, J. B., Poindexter, J.C., 2004, Internet Privacy Law: A Comparison between the United States and the European Union, Computers & Security, Vol. 23, Issue 5, pp. 400– 412.
Baxter, M. St. P., 2018, The Sale of Personally Identifiable Information in Bankruptcy, American Bankruptcy Institute BI Law Review, 27, 1–15.
Bennett, S. C., 2012, The “Right to Be Forgotten”: Reconciling EU and US Perspectives, Berkeley Journal of International Law, Vol. 30, Issue 1, pp. 161–195.
Bradley, C. G., 2023, Privacy Theater in the Bankruptcy Courts, Hastings Law Journal, Vol.74, Issue 3, p. 607.
Brimsted, K., Evans, T., 2019, Data subject access requests – Three Illuminating UK Cases, Privacy & D.P., Vol. 19, No. 7, pp. 6–9.
Boyd, V., 2006, Financial Privacy in the United States and the European Union: A Path to Transatlantic Regulatory Harmonization, Berkeley Journal of International Law, Vol. 24, Issue 3, pp. 939–1008.
Búrca, G. de, 2013, After the EU Charter of Fundamental Rights: The Court of Justice as a Human Rights Adjudicator?, Maastricht Journal of European and Comparative Law, 20, pp. 168–184.
Chander, A., Kaminski, M. E., McGeveran, W., 2021, Catalyzing Privacy Law, Minnesota Law Review, 105, 1733–1802.
Cunningham, M., 2013, Diminishing Sovereignty: How European Privacy Law Became International Norm, Santa Clara Journal of International Law, 11, pp. 421–453.
Geist, M., 2002, When Dot-Coms Die: The E-Commerce Challenge to Canada’s Bankruptcy Law, Canadian Business Law Journal, 37, pp. 34–74.
George, E. J., 2018, The Pursuit of Happiness in the Digital Age: Using Bankruptcy and Copyright Law as a Blueprint for Implementing the Right to Be Forgotten in the U.S., Georgetown Law Journal, Vol. 106, No. 3, pp. 905–932.
Greenleaf, G., Cottier, B., 2020, 2020 Ends a Decade of 62 New Data Privacy Laws, Privacy Laws & Business International Report, 163, pp. 24–26.
Gunasekara, G., 2021, Enforcement Design for Data Privacy: A Comparative Study, Singapore Journal of Legal Studies, 1, pp. 19–38.
Halberstam, D., 2015, It’s the Autonomy, Stupid! A Modest Defense of Opinion 2/13 on EU Accession to the ECHR, and the Way Forward, German Law Journal, Vol. 16, Issue 1, pp. 105–146.
Houser, K. A., Voss, G. W., 2018, Gregory, GDPR: The End of Google and Facebook or a New Paradigm in Data Privacy? Richmond Journal of Law and Technology , Vol. 25, No. 1.
Kilborn, J. J., (2023, forthcoming) Law in Books versus Law in Action in the Landmark Shenzhen, China, Personal Bankruptcy Regime, Emory Bankruptcy Developments Journal, Vol. 40, No. 1.
Kuijer, M., 2020, The Challenging Relationship between the European Convention on Human Rights and the EU Legal Order: Consequences of a Delayed Accession, The International Journal of Human Rights, Vol. 24, Issue 7, pp. 998–1010.
Levin, A., Nicholson, J. M., 2005, Privacy Law in the United States, the EU, and Canada: The Allure of the Middle Ground, University of Ottawa Law & Technology Journal, Vol. 2, No. 2, pp. 357–395.
Moshell, R., 2005, … And Then There Was One: The Outlook for a Self-Regulatory United States Amidst a Global Trend toward Comprehensive Data Protection, Texas Tech Law Review 37, pp. 357, 384.
Nicola, F. G., Pollicino, O., 2020, The Balkanization of Data Privacy Regulation, West Virginia Law Review, Vol. 123, Issue 1, pp. 61–116.
Parry, R., Zhang, H., Fu, J., 2021, Personal Insolvency in China: Necessities, Difficulties, and Possibilities, Brooklyn Journal of International Law, Vol. 46, No. 2, pp. 517-571.
Pernot-Leplay, E., 2020, China’s Approach on Data Privacy Law: A Third Way between the U.S. and the EU? Penn State Journal of Law & International Affairs, Vol. 8, No. 1, pp. 49– 117.
Piciocchi, C. et al., 2018, Legal Issue in Governing Genetic Biobanks: The Italian Framework as a Case Study for the Implications for Citizen’s Health through Public-Private Initiatives, Journal of Community Genetics, Vol. 9, Issue 2, pp. 177–190.
Purtova, N., 2018, The Law of Everything. Broad Concept of Personal Data and Future of EU Data Protection Law, Law, Innovation and Technology Vol. 10, No. 1, pp. 40–81.
Reidenberg, J. R., 2001, E-Commerce and Trans-Atlantic Privacy, Houston Law Review, 38, pp. 717–749.
Salbu, S. R., 2002, The European Union Data Privacy Directive and International Relations, Vanderbilt Journal of Transnational Law, Vol. 35, Issue 2, pp. 655–695.
Schwartz, P. M., 2019, Global Data Privacy: The EU Way, New York University Law Review, 94, pp. 771–818.
Schwartz, P. M., Solove, D. J., 2014, Reconciling Personal Information in the United States and European Union, California Law Review, 102, pp. 877–916.
Shaffer, G., 2000, Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards, Yale Journal of International Law, Vol. 25, pp. 1–88.
Tajti (Thaythy), T., 2019, Unprotected Consumers in the Digital Age: The Consumer-creditors of Bankrupt, Abandoned, Defunct and of Zombie Companies, Tilburg Law Review, Vol. 24, Issue 1, pp. 3–26.
Tajti (Thaythy), T., 2017, Leasing in the Western Balkans and the Fall of the Austrian Hypo-Alpe-Adria Bank, Pravni Zapisi,Vol. VII, No. 2, pp. 155–221.
Tobin, O., 2021, Data Protection and the Growing Political Dimension, Privacy & Data Protection 22(1).
Ukrow, J., 2018, Practitioner’s Corner – Data Protection without Frontiers? On the Relationship between EU GDPR and Amended CoE Convention 108, European Data Protection Law Review, Vol. 4, Issue 2, pp. 239–247.
Whitman, J. Q., The Two Western Cultures of Privacy: Dignity versus Liberty, Yale Law Journal, Vol. 113, No. 6, pp. 1151–1221.
Zeitzmann, S., 2021, The Council of Europe’s Tromso Convention on Access to Official Documents, European Data Protection Law Review, 7, p. 232.
Yu, L., Ahl, B., 2021, China’s Evolving Data Protection Law and the Financial Credit Information System: Court Practice and Suggestions for Legislative Reform, Hong Kong Law Journal, Vol. 51, pp. 287–308.
INDUSTRY PUBLICATIONS
EDPO, Brexit and the Data Protection Representative – What is the Impact for your Company? (https://edpo.com/uk-representative/, 7. 9. 2023).
Irish Consultative Committee of Accountancy Bodies, General Data Protection Regulation – Guidance for Insolvency Practitioners, Technical Release 02/2019, updated October 2022 (https://www.accaglobal.com/content/dam/ACCA_Global/Technical/insolv/GDPR%20Guidance%20for%20Insolvency%20Practitioners.pdf, 16. 10. 2023).
Rhodes, S.W., Bankruptcy Decisions on Privacy Issues, paper prepared for American Bankruptcy Institute 2003 Annual Spring Meeting (10–13 April 2003), ABI 557, para 11.
LEGISLATION, REGULATION, and SOFT LAW INSTRUMENTS
Canada
The Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5.
Office of the Privacy Commissioner Canada, 2015, A Guide for Individuals – Protecting your Privacy, 4, (https://www.priv.gc.ca/media/2036/guide_ind_e.pdf, 16. 10. 2023)[pinyin: Minfadian].
China
Civil Code of the People’s Republic of China 2020 (in force: 1 Jan 2021).
Data Security Act of the People’s Republic of China 2021 (in force: 1 Sept. 2021).
Personal Information Protection Law of the People’s Republic of China (PIPL) 2021 (in force: 1 Nov. 2021).
Justice Bureau of Shenzhen Municipality, Shenzhen Zone Interim Rules for the Registration and Disclosure of Personal Insolvency Information, (http://sf.sz.gov.cn/szsgrpcxxgkpt/xgzy/content/post_9528625.html, Chinese language, 16. 10. 2023).
Implementation Opinions on the Liquidation of Personal Debts (for Trial Implementation), promulgated by the Intermediate People’s Court of Dongying City (effective 1st December 2020).
Zhejiang Provincial Higher People’s Court, Guidelines for the Centralized Liquidation of Personal Debts of Zhejiang Courts (3 Dec. 2020).
Council of Europe
Council of Europe, Convention 108: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, 28 January 1981, E.T.S. 108.
Council of Europe, CETS No. 223, Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Strasbourg, 10 October 2018).
Council of Europe, Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108), CM(2018)2-final.
European Union
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regards to the processing of personal data and on the free movement of such data.
Council Regulation (EC) No. 1346/2000 of 29 May 2000 on Insolvency Proceedings, recast by Regulation (EU) 2015/848 of the European Parliament and of the Council of 20 May 2015 on insolvency proceedings.
Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector, 2002 O.J. (L 201) 37 (E-Privacy Directive), as amended by the EU telecoms reform package from November 2009.
Commission communication of 1st of October 2004 “Community guidelines on State aid for rescuing and restructuring firms in difficulty” (Official Journal 244, 1 December 2004, pp. 2–17).
Commission communication of 5 October 2007 “Overcoming the stigma of business failure – for a second chance policy – Implementing the Lisbon Partnership for Growth and Jobs” (COM/2007/0584 final).
Commission Communication of 25 June 2008: “Think Small First” - A Small Business Act for Europe (COM, 2008, 394 final)
Commission Recommendation of 12 March 2014 on a new approach to business failure and insolvency (L 74/65).
Charter of Fundamental Rights of the European Union, 2012/C 326/02.
Report from the Commission to the European Parliament, the Council and the European Economic and Social Committee on the application of Council Regulation (EC) No. 1346/2000 of 29 May 2000 on insolvency proceedings (COM[2012] 743 final).
Executive summary of the Opinion of the European Data Protection Supervisor on the Commission proposal for a Regulation amending Council Regulation (EC) No. 1346/2000 on insolvency proceedings, OJ C 358, 7 December 2013, pp. 15–16.
Regulation (EU) 2015/848 of the European Parliament and of the Council of 20 May 2015 on insolvency proceedings (recast).
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21 November 2018.
Directive (EU) 2019/1023 of the European Parliament and of the Council of 20 June 2019 on preventive restructuring frameworks, on discharge of debt and disqualifications, and on measures to increase the efficiency of procedures concerning restructuring, insolvency and discharge of debt, and amending Directive (EU) 2017/1132 (Directive on restructuring and insolvency).
Proposal for a Directive of the European Parliament and of the Council harmonising certain aspects of insolvency law, Brussels, 7 December 2022 COM(2022) 702 final 2022/0408 (COD).
OECD
OECD, Guideline Governing the Protection of Privacy and Transborder Flows of Personal Data (1980), as updated in 2013.
OECD, Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, OECD/LEGAL/0188 (2022).
United Kingdom
Insolvency Act 1986, UK Public General Acts, 1986 c. 45.
The Data Protection Act, UK Public General Acts 2018 c. 12.
United States
Federal Level
The Privacy Act of 1974, as amended, 5 U.S.C. § 552a.
The Bankruptcy Reform Act of 1978 (Pub. L. 95–598, 92 Stat. 2549, November 6, 1978) – the Bankruptcy Code.
Bankruptcy Rule 2004.
2005 Bankruptcy Abuse Prevention and Consumer Protection Act, Pub. L. No. 109-8, 119 Stat. 23 (2005).
State Level
California
California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798. 100–199 (West 2021) (stepped into force Jan. 2020).
Illinois
Illinois’ Biometric Information Privacy Act, 74 ILCS 14, P.A. 95–994, eff. 10 March 2008.
CASE LAW
Canada
1077 Holdings Co-Operative (Re), 2021 BCSC 42, 2021 CarswellBC 895 (2021).
European Union
Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos [es], Mario Costeja González (C 131/12) ECLI:EU:C:2014:317.
CJEU, Schrems I Case C-362/14.
CJEU, Schrems II Case C-311/18 (as of 16 July 2020).
Germany
BGH IX ZB 85/08 (5 February 2009).
AG Rockenhausen, Urt. V. 09 August 2016 Az 2C 341/16.
Hungary
Case NAIH-2087-5/2012/H (March 2012) (in Hungarian language).
Moldova
Banca VIAS 32760/04 (judgment delivered on 6 November 2007)
Oferta Plus SRL (14385/04 judgment delivered on 12 February 2008).
United Kingdom
Re Southern Pacific Personal Loans Ltd., [2013] EWHC 2485 (Ch).
Oakley Smith v. Information Officer, EWHC 2485 (Ch), 2013 WL 3994837 (2013).
London Oil and Gas Ltd (In Administration), [2019] EWHC 3675.
Green v SCL Group Ltd [2019] EWHC 954 (Ch); [2019] B.P.I.R. 833; [2019] 4 WLUK 301 (Ch D).
Dawson-Damer v. Taylore Wessing LLP, [2020] EWCA Civ 352, 2020 WL 01158643.
United States
Federal Level
Maxwell Communication Corp. v. Sociètè Gènèrale 93 F.3d 1036 (US Court of Appeals, 2nd Cir., 1996).
In re Toysmart.com Inc. LLC, No. 00-13995 (Bankr. D. Mass., Aug. 17, 2000).
In Re Solidus Network WL 8462968 (2008).
In Re Joyce 399 B.R. 382 (Bkrtcy.D.Del. 2009).
In re Ceasars, 2015 U.S. Dist. LEXIS 137235.
In Re Borders Group, Inc. [453 B.R. 477, Bankr. S.D.N.Y. 2011].
United States v. Pivaroff, No. 2:13-cv-01498-APG-PAL (26 August 2015, U.S. Dist.C. Nevada).
In re Old BPS US Holdings, Inc., No. 16-12373 (Bankr. D. Del. Feb. 1, 2017).
Heard v. Becton 440 F.Supp. 3d 960 (2020).
In Re Chapman 2021 WL 1346046, 6+, Bkrtcy.E.D.Wis.
In Re Buppelmann 269 B.R. 341 (Bkrtcy.M.D.Pa. 2001)
In Re Ploetz 2022 WL 190429 (Bkrtcy.E.D.Wis.).
Federal Trade Commission v. Toysmart.com Inc., No. 00-11341-RGS (21 Aug. 2023).
Chasom Brown, et al. v. Google LLC, Case No: 4:20-cv-3664-YGR [US District Court, N.D. California, 7th Aug 2023].
State Level
In Re Blackwell, 263 B.R. 505 (W.D. Tex. 2000).
INTERNET SOURCES
Buyse, A., CJEU Rules: Draft Agreement on EU Accession to ECHR Incompatible with EU Law, ECHR Blog 2014/12/20 (blog text no longer available online as of 15 August 2022).
European e-Justice Portal, general information on insolvency law and insolvency registers of the Member States (https://e-justice.europa.eu/110/EN/bankruptcy_and_insolvency_registers, 16. 10. 2023).
Rosenkotter, E., Wutscher, M., 2022, Fifth State in the Union Becomes Fifth State to Enact Data Private Legislation, InsideARM, 17 May, (https://www.insidearm.com/news/00048260-fifth-state-union-becomes-fifth-state-ena/, 16. 10. 2023).
Scheinin, M., 2014, CJEU Opinion 2/13 – Three Mitigating Circumstances, VerfBlog, December 26, (http://www.verfassungsblog.de/cjeu-opinion-213-three-mitigating-circumstances/, 7. 9. 2023).
Zimmerman, A., 2016, Caesars Bankruptcy Examiner: Fraudulent Conveyance Damages Could Reach $5.1B, Forbes, 16 March, (https://www.forbes.com/sites/spleverage/2016/03/16/ceasars-bankruptcy-examiner-fraudulent-conveyance-damages-could-reach-5-1b/#3b0fb3a143f9, 16. 10. 2023).
OTHER SOURCES
Anonim., 2019, Facebook to pay $5bn fine to settle Cambridge Analytica claim – Case Comment, Comp. & Risk 8(4).
Garry, M., 2008 Biometric Payment Ends after Vendor Files Bankruptcy, Supermarket News, 31 March, (https://www.supermarketnews.com/technology/biometric-payment-ends-after-vendor-files-bankruptcy, 16. 10. 2023).
One Trust Data Guidance, 2023, China - Data Protection Overview, October, (https://www.dataguidance.com/notes/china-data-protection-overview, 16. 10. 2023).
Parliament of Canada, An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts (https://www.parl.ca/legisinfo/en/bill/44-1/c-27, 16. 10. 2023).
Zheng, C., 2018, Xiaoming court-ordered to refund bike deposits, China Daily, 23 March, (https://global.chinadaily.com.cn/a/201803/23/WS5ab474bda3105cdcf6513d22.html, 9. 9. 2023).