Privacy Self Regulation: A Decade of Disappointment
Author(s): Chris Jay Hoofnagle
Abstract: The Federal Trade Commission’s Do-Not-Call Registry, a government-created protection for privacy, is a stellar success. With over 80 million numbers enrolled, Americans now have a easy to use and effective shield against telemarketing. The government’s creation quickly superceded and made irrelevant self-regulatory solutions, which were difficult to use, did not apply to all telemarketers, and were unenforceable.
This article argues that, like self-regulatory solutions to the 20th century problem of telemarketing, market approaches to protecting consumers from 21st century problems have failed. The FTC embraced self-regulation to protect privacy on the Internet in 1995. That decision stalled Congress and anesthetized the public, as privacy practices worsened for a decade. Self-regulation has allowed the development of new tracking technologies, and the continued employment of old ones. Self-regulation allows companies to obfuscate their practices, leaving consumers in the dark. Emerging technologies represent serious threats to privacy and are not addressed by self-regulation or law. Self regulation has failed to produce usable anonymous payment mechanisms. We now know (as a result of California consumer protection regulation) that self-regulation failed to address security.
And finally, the worst identification and tracking policies from the online world are finding their way into the offline world. In other words, online self-regulatory approaches have encouraged a more invasive web environment, and have dragged down the practices of ordinary, offline retailers. This paper argues that the FTC and Congress should reevaluate their commitment to market approaches, and empower consumers with privacy law that incorporates Fair Information Practices.
Keywords: Privacy, market, self-regulation, consumer protection, telemarketing, profiling, cookies, price discrimination, customer exclusion