Indiana Law Journal

Document Type


Publication Date


Publication Citation

94 Indiana Law Journal Supplement 41 (2019)


In Part I of this Note, I will discuss the writ of habeas data that has been developed primarily, but not exclusively, in Latin American countries. I will discuss the intricacies of the writ, how it evolved, and how it is applied today. Using Argentina as an example, I will discuss how the writ would be used by an Argentine citizen to protect her personal data. Part II summarizes the previously employed data protection scheme in the European Union, the Data Protection Directive (“the Directive”), and will also discuss the new EU data protection regulation, the General Data Protection Regulation (GDPR), which became effective in May of 2018. I will discuss how the old Data Protection Directive is different from the GDPR, and how the rights given to EU Member citizens differ under each. I will cover the right to access, the right to stop processing, and the right to erasure, which are all provided within the new regulation (although previously alluded to in the Directive). I will provide an example of an EU Member citizen’s use of the rights provided under the GDPR.

The next two Parts of this Note will shift focus to U.S. legislation. Part III of this Note delves into the United States’ ad hoc approach to data protection, discussing several piecemeal regulations within the United States, and what type of rights those regulations provide to everyday citizens. The focus of this Part is primarily HIPAA, but other ad hoc regulations are discussed. Finally, Part IV will propose suggestions for the United States to learn from changing and growing international regulatory norms. In this Part, I will discuss the possible sources of authority for Congress to pass a comprehensive legislative scheme regarding personal data protection, as well as the authority to amend already existing legislation to expand personal rights for data protection. Lastly, I will discuss a possible expansion of the writ of habeas corpus by the judiciary to include personal data.