Going Dutch? Collaborative Dutch Privacy Regulation and the Lessons It Holds for U.S. Privacy Law
84 Pages Posted: 11 Feb 2014 Last revised: 27 Feb 2014
Date Written: November 1, 2013
Abstract
Regulatory theorists have engaged in an interesting debate over the merits of “collaborative governance.” The term refers to those governance approaches in which regulators, industry and other stakeholders work together on drafting and enforcing rules. Proponents of collaborative governance claim that it combines the flexibility of self-regulation with the accountability of government rules. Critics counter that it gives industry members too much power over the rules and so allows the fox to guard the henhouse.
This debate has great relevance for U.S. privacy law today. The leading proposals for consumer privacy regulation call for a collaborative approach. Several bills in Congress and a major 2012 White House report encourage regulators, business representatives and others to work together on drafting the rules that will govern the field.
Is this a good thing? Should we rely on collaborative regulation to protect our privacy? While much has been published on the general merits of collaborative governance, far less has been written on how this approach works in practice or on how it would work in the privacy field. This article seeks to fill this gap. It examines the leading example of collaborative privacy regulation in the world today – the Dutch experiment with legally enforceable privacy codes of conduct. This initiative is very similar to one that Congress is considering. The author spent a semester as a Fulbright Professor in the Netherlands where he studied the collaborative Dutch approach and sought to identify the lessons it holds for U.S. privacy law.
This article conveys the results of that research. It begins by analyzing the scholarly debate over collaborative governance and using it to provide a context for the recent U.S. proposals for collaborative privacy regulation. Drawing on original interviews with those involved in the Dutch program, it next assesses the merits of the collaborative Dutch approach to privacy regulation and identifies the lessons that it holds for U.S. privacy law and policy. It concludes with normative, research-based recommendations for how Congress should design consumer privacy legislation.
Keywords: privacy, privacy law, data protection law, regulation, co-regulation, governance, collaborative governance, regulatory theory, governance theory, new governance, Europe, Netherlands, Dutch, code of conduct, administrative law, comparative administrative law, comparative regulation
JEL Classification: K20, K23, L50, L52, L86, O33, O38
Suggested Citation: Suggested Citation