Reverse Engineering Informational Privacy Law

Is technology-neutral legislation possible? Technological neutrality in legislation is often praised for its flexibility and ability to apply to future technologies. Yet, time and again we realize that even if the law did not name any technology, it was nevertheless based on an image of a particular technology. When new technologies appear, they expose the underlying technological mindset of the existing law. This article suggests that we read technology-related laws so to uncover their hidden technological mindset so that we can better understand the law and prepare for the future. Reverse Engineering the law is an interpretive mode, tailored to uncover the technological layer of the law.After locating the discussion within the paradigm of law & technology, I unpack the meaning of technology-neutral legislation: I point to three possible justifications thereof: flexibility, innovation and harmonization. The article then suggests an initial typology that offers a range of legislative choices, richer rather than a binary all-or-nothing choice, and explains the methodology of reverse engineering the law.The next step is to challenge the claim for neutrality in the context of informational privacy. Proposals to amend the law are on the tables of policy-makers in the United States and in the EU. I focus on the current global engine of data protection law, the EU 1995 Data Protection Directive. The reverse engineering of the Directive indicates that it is more technological-neutral than we might have expected from an instrument that was composed in the early 1990s based on laws from the early 1970s. Nevertheless, the close reading reveals the underlying technological mindset and assumptions. I conclude that pure technologically neutral legislation is, to a great extent, a myth.