The twin goals of privacy and data security share a fascinating symbiotic relationship: too much of one undermines the other. The international regulatory climate, embodied principally by the European Union’s 1995 Directive, increasingly promotes privacy. In the last two decades, fifty-three countries enacted national legislation largely patterned after the E.U. Directive. These laws, by and large, protect privacy by restricting data processing and data transfers.
At the same time, hacking, malware, and other cyber-threats continue to grow in frequency and sophistication. In 2010, one security firm recorded 286 million variants of malware and found that 232.4 million identities were exposed. To address these evolving threats, modern security techniques analyze and process massive amounts of data. The Article posits that international law increasingly favors privacy, throwing the symbiotic relationship out of balance. By restricting data processing and by failing to exempt data processing for security purposes, global privacy laws undermine private data by increasing its vulnerability.