Download this Paper Open PDF in Browser

The Governance of Privacy Through Codes of Conduct: International Lessons for U.S. Privacy Policy

35 Pages Posted: 9 May 2013 Last revised: 13 Jul 2014

Colin Bennett

University of Victoria

Deirdre K. Mulligan

University of California, Berkeley - School of Information

Date Written: June 7, 2012

Abstract

The recent White Paper on privacy from the U.S. Department of Commerce encourages, "the development of voluntary, enforceable privacy codes of conduct in specific industries through the collaborative efforts of multi-stakeholder groups, the Federal Trade Commission (FTC), and a Privacy Policy Office within the Department of Commerce". The policy envisages a coordination of multi-stakeholder groups through a new Privacy Policy Office which would work with the FTC, “to develop voluntary but enforceable codes of conduct. Compliance with such a code would serve as a safe harbor for companies facing certain complaints about their privacy practices".

Privacy codes of practice have extensive histories in a number of countries outside the United States. At various times, they have been adopted to anticipate privacy legislation, to supplement privacy legislation, to preempt privacy legislation, and to implement privacy legislation. This paper draws upon international experiences and interviews with chief privacy officers to offer important lessons for American policymakers about how codes of practice might best encourage privacy protection on the ground.

Despite obvious differences, the Canadian policy experience may be especially instructive. Private sector regulation was originally based on a bottom-up approach through which legislation, called the Personal Information Protection and Electronic Documents Act of 2000, was based on a voluntarily negotiated standard through the Canadian Standards Association (CSA). This in turn was based on existing sectoral codes of practice, of the kind envisaged by the U.S. Department of Commerce. What has been the experience over the last decade? What useful lessons can be drawn for U.S. policy? What are the economic, technological, legal, and social conditions under which codes of practice might promote better privacy protection?

Keywords: privacy, codes of conduct, internet governance

Suggested Citation

Bennett, Colin and Mulligan, Deirdre K., The Governance of Privacy Through Codes of Conduct: International Lessons for U.S. Privacy Policy (June 7, 2012). Available at SSRN: https://ssrn.com/abstract=2230369 or http://dx.doi.org/10.2139/ssrn.2230369

Colin Bennett (Contact Author)

University of Victoria ( email )

3800 Finnerty Rd
Victoria, British Columbia V8P 5C2
Canada

Deirdre K. Mulligan

University of California, Berkeley - School of Information ( email )

102 South Hall
Berkeley, CA 94720-4600
United States

Paper statistics

Downloads
139
Rank
176,644
Abstract Views
636