Privacy Self Regulation: A Decade of Disappointment
Chris Jay Hoofnagle
University of California, Berkeley - School of Information; University of California, Berkeley - School of Law
January 19, 2005
in Consumer Protection in the Age of the 'Information Economy' (Jane K. Winn, ed.)(Ashgate 2006)
The Federal Trade Commission's Do-Not-Call Registry, a government-created protection for privacy, is a stellar success. With over 80 million numbers enrolled, Americans now have a easy to use and effective shield against telemarketing. The government's creation quickly superceded and made irrelevant self-regulatory solutions, which were difficult to use, did not apply to all telemarketers, and were unenforceable.
This article argues that, like self-regulatory solutions to the 20th century problem of telemarketing, market approaches to protecting consumers from 21st century problems have failed. The FTC embraced self-regulation to protect privacy on the Internet in 1995. That decision stalled Congress and anesthetized the public, as privacy practices worsened for a decade. Self-regulation has allowed the development of new tracking technologies, and the continued employment of old ones. Self-regulation allows companies to obfuscate their practices, leaving consumers in the dark. Emerging technologies represent serious threats to privacy and are not addressed by self-regulation or law. Self regulation has failed to produce usable anonymous payment mechanisms. We now know (as a result of California consumer protection regulation) that self-regulation failed to address security.
And finally, the worst identification and tracking policies from the online world are finding their way into the offline world. In other words, online self-regulatory approaches have encouraged a more invasive web environment, and have dragged down the practices of ordinary, offline retailers. This paper argues that the FTC and Congress should reevaluate their commitment to market approaches, and empower consumers with privacy law that incorporates Fair Information Practices.
Number of Pages in PDF File: 20
Keywords: Privacy, market, self-regulation, consumer protection, telemarketing, profiling, cookies, price discrimination, customer exclusion
JEL Classification: K20
Date posted: March 30, 2005 ; Last revised: June 29, 2014