Global Dimensions of Corporate Data: An Expert Dialogue on Privacy, Security, and Cross-Border Policy

An Overture to Privacy Rights

I was fortunate enough to have the opportunity to speak with an expert on the recent trends of cyber risk management in the business world. 

I find it somewhat amusing that for the past few weeks, I’ve read novels filled endlessly with interviews featuring the advice and commentary of field experts, and occasionally, despite being prominently highlighted in the novel’s publication, conceal their identity for the purpose of keeping their professional lives and circumstances private.

And now, just a few short weeks later, I’ve found myself in the same situation: talking to an expert, who, for the purposes of this blog and its intentions, will remain anonymous. 

What I will say includes the following: my chat with a Jane Doe—currently serving as a senior director of security at a Fortune 500 corporation—primarily consisted of one particular aspect of the intersections of business and cybersecurity that I find most fascinating, which includes the importance of ethics in cybersecurity spaces. 

Cyber ethics are a quintessential domain in the field of cybersecurity. They consist of a complex structure due to the technological anonymity and digital realm’s greater reach, but before I continue, I’ll take a moment to address what their core principles encompass in this digital era’s realm.

Cyber ethics can be explained as the moral standards to the utilization of computers and similar technologies. These methods are implemented to ensure that computer practices maintain privacy and online respect. Subsequently, if you’re taking advantage of the computer’s infrastructure for immoral purposes, that can be considered a violation of cyber ethics. 

Specifically, one aspect of cyber ethics that I’ve delved into can be associated with a more political lens: the balance of power between nation-states’ needs for their citizens’ data for national security vs. citizens’ individual privacy rights. 

Bite-Size Case Study

When I initially began reviewing this interest of mine, I’m brought back to the moment I first learned about a certain scenario. Earlier last year, I had learned of the infamous privacy vs. security dispute between Apple and the FBI following the 2015 San Bernardino attack. 

For the sake of instruction, I’ll briefly explain the scenario.

On December 2nd, 2015, the city of San Bernardino, California, was met with havoc. The municipality itself, just 60 miles from the city center of Los Angeles, houses the San Bernardino County Department of Public Health, where a training event and party were taking place. 

Following the event’s celebrations, intruders, conducting a mass shooting, encountered the employees where they killed fourteen people and injured dozens more. Thereafter, investigators believed that the intruder’s actions were inspired by foreign terrorist groups amidst underlying ideological tensions. This was primarily decided due to evidence of the attackers loyalty to extremist groups such as ISIS.

Moreover, although this attack’s case didn’t originally relate to the field of cyber ethics, its following results soon consisted of a case that left many professionals in a conflict of interest. 

Following the attacks, the FBI sought to create an accessible backdoor in the Apple iOS that would technologically allow for the government organization to access one of the attacker’s phones and gain necessary information in regard to the attack itself in a pursuit of national security. However, despite the FBI’s request, Apple refused in stern belief of user privacy and fear of the vulnerabilities that would lie for its global users within such a bypass. 

This dispute emphasized a growing conflict within the cybersecurity domain: the future battle between privacy, consisting of individual rights, and national security, for the sake of user and civilian safety. 

Nevertheless, this particular instance only relates to the challenging cybersecurity ethics between a nation-state and its people. However, there are countless other applications in which cyber ethics can be applied, such as the world of international business, in which corporations and supranational organizations must collaborate on policies in order to comply with each other's digital privacy laws while maintaining business operations. 

Discussion with A Director

Before I continue heading into the thousands of miniscule details regarding this emerging topic, I’ll include the comments that I received from my conversation with Doe. 

My first few questions all regarded how, in an era of constant data collection, she believed the line between necessary security surveillance for threat detection—similar to the San Bernardino dispute—and an individual’s right to privacy lay. 

In response to this, she explained to me that “both [parties] come into play,” and therefore that she was unsure if there is a “hard line.” She explained how, on many occasions, people have to “give their data” and that corporations or entities must treat them responsibly. Unless you’re living under very secluded standards, it is increasingly difficult to live under the radar in modern society and distant from data collection, whether used for legal or recreational purposes. Subsequently, I acknowledged this point.

These described “responsible data collections” are virtually evident through the creation of state privacy acts in the U.S., meant to inform users on what data is collected about them and provide them further clarification on how to manage their data with consent, in addition to further U.S. laws such as the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and the Health Insurance Portability and Accountability Act (HIPAA) that further restrict the utilization of personal user information in financial and medical settings.

Furthermore, she discussed with me that a variety of dilemmas occur in the circumstances in which these entities violate or use civilian data unethically. When looking back upon my recent research, I recollected some events that I felt represented this idea; I was intrigued to find such events that have occurred in recent times as well. 

These ranged from current biometric lawsuits—where corporations such as Target and Meta have been revealed or proposed to have utilized users and shoppers’ biometric data without legal consent—to revelations of government surveillance—where American GOs such as the FBI and FINCen have been gathering civilian financial information without warrants in addition to the NSA’s habits of purchasing civilian internet data, as explained by U.S. Senator Ron Wyden in 2024.

As we continued to discuss, I began inquiring Jane of the global nature of cyber threats—directly addressing the growing field of cybersecurity operations across our globe—and consequently, how they have intensified the ethical complexities of international data flows for cybersecurity and executive teams alike. 

In my questions, I detailed the current approach to privacy laws for global data. Previously, this field of thought piqued my interest due to my growing desire to understand how security in a business and government setting is dealt with among varying political states, such as how I had been researching the upcoming global gTLD application system and its benefits for a multitude of entities. 

In response, Jane explained that when referring to global cooperation on digital security, there are varying perspectives. Specifically, stating that “privacy is looked at differently in the U.S. than it is looked at in Europe.” I felt that this was understandable, given the different backgrounds in technology and history that the countries may have. Varying regions’ interests in policy were inevitably going to be conflicting at times.

Jane continued to explain her perspective, stating that “In Europe, [privacy] is looked at as a right. Whereas in America, it’s not.” This could be evident in the European Union’s General Data Protection Regulation (GDPR), where laws describe and empower civilians’s explicit rights in storing their personal data, whereas the U.S. has been described as having merely a patchwork—which was even described by Jane in our conversation—consisting of the current technologically applicable fourth amendment in addition to field-specific laws explained in the passages above.

Although I had heard similar comments in the past, I felt the urge to gain a more thorough perspective. Hence, I was educated on the commentary and belief that the state of American privacy law has been addressed as incomprehensive and further, with a lack of uniformity, over the coming years, especially in a decade of mass digitization, professionals have now spoken more frequently over time as concerns have intensified. 

In an article published by the Washington University Law Review, expert Ari Ezra Waldman stated that “privacy law is failing to deliver its promised protections because it is undergoing a process of legal symbolism, where toothless trainings, audits, and paper trails, among other symbols, are being confused for actual adherence to privacy law” (Waldman, 2020).

To further illustrate the results of the complexity, some have even described the current state of laws as a “loophole” amongst surveillance laws, as described by cybersecurity expert Axel Arnbak in a CBS News interview in 2014, and as Jane herself stated that “a lot of challenges lie” in this current environment, civilians must be aware of the risks surrounding their online data.

By utilizing privacy settings, reviewing social media disclosures, and reading the various privacy policies associated with online media, civilians limit their exposures, though many concerns remain consistent. A recent study conducted by the Pew Research center in 2025 expresses how “80% of Americans are concerned about their [digital] privacy,” and this trend likely will continue to dominate the following decades of technological advancement unless changes are made. 

In short, I was very thankful for my discussion with Jane, as it greatly enlightened me with the opportunity to engage with a current issue in the domain. Furthermore, I’m excitedly anticipating my next opportunity in engagement.

Bibliography

Whittaker, Zack. "Legal Loopholes Should Allow Wider NSA Surveillance,

     Researchers Say." CBS News, CBS Interactive Inc, 30 June 2014,

     www.cbsnews.com/news/

     legal-loopholes-could-let-nsa-surveillance-circumvent-fourth-amendment-researcher

     s-say/.

Waldman, Ari Ezra. "Privacy Law's False Promise." Washington University Law

     Review, vol. 97, no. 3, 2020, openscholarship.wustl.edu/law_lawreview/vol97/iss3/7/.