•  
  •  
 

Document Type

Note

Abstract

Over 30 years ago, self-regulation served as a hopeful potential regulatory framework that would allow private companies to provide effective privacy protections for consumers. The aspiration for a data protection self-regulation regime arose due to the emergence and development of online commercial activity. E-commerce benefited companies that conducted business online but presented new challenges for the protection of consumer data. The Federal Trade Commission encouraged companies that collect consumer data to develop their own forms of self-regulation to protect the personal data of online consumers. If properly implemented, self-regulation promised efficient reorganization of privacy protections to meet the challenges of online data security from decades ago to now. 1 In response to the Federal Trade Commission’s encouragement, several different self-regulatory approaches have emerged with a mix of diverse sector involvement, ranging from governmental to trade associations. Self-regulation is likely to be a fundamental part of consumer data privacy regulation for the foreseeable future. Currently, most online companies rely on a self-regulatory model to police bad behavior that violates general privacy protections for their users. However, the rapid expansion of the Internet and the evolution of the online marketplace calls into question the effectiveness of businesses’ present self-regulatory regime and whether these businesses are providing proper privacy protections for online consumers. As part of the examination of whether existing practices of self-regulation are effective, it is necessary to understand what “self-regulation” is. There are several definitions for the term but in its most basic form, self-regulation means that the “industry or profession rather than the government is doing the regulation.”2 Self-regulation is described as a spectrum. On one end, it is a formally delegated power by the government to regulate. On the other end, it is the private sector’s responsibility to regulate itself in response to consumer demand or to improve industry reputation. 3 Often, an industry will engage in self-regulation to prevent federal or state government interference. Self-regulation is also undertaken to implement or supplement governmental legislation. 4 For the purposes of this paper, the “private industry” refers to economic activity in the private sector. The private sector refers to businesses that are owned by citizens rather than owned by the government. This paper focuses specifically on businesses that engage in e-commerce and online activity where general consumer data is collected. General consumer privacy online includes a wide range of privacy issues, including spam, social networking, behavioral advertising, pretexting, spyware, peer-to-peer file sharing, and mobile devices. 5 This paper will examine present self-regulatory practices that are used by the private industry, and their adequacy in today’s Internet landscape. In observing self-regulatory practices, this paper will outline self-regulation, describe the development of the private industry’s self-regulation of online consumer privacy up to the present, and provide a recommendation to best achieve general privacy protections for online consumers.

Erratum

The editors recognize that the page numbers for this Note need to be corrected. The preceding Note by Crane should end on page 166; this Note should be paginated as 167 through 200.

Share

COinS