Past Releases and Reports
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
How to send an e-mail to Privacilla?  Click here!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective

Click to return to the Privacy and Business outline

Home > Privacy and Business > How to Regulate Privacy

How to Regulate Privacy

Privacy should be regulated. The important question is "Who should regulate it?" There are at least three levels at which privacy could be regulated, each with benefits and drawbacks.

The most obvious place to regulate privacy, if not the best, is at the governmental level. Governments are in the business of writing laws and regulations, and people look to governments to lay down clear rules that prevent harms to the public. When it comes to privacy, however, governments are subject to at least two important disabilities.

First, they are not well equipped to find and enforce rules that accommodate the different levels of privacy that different consumers may want. Where some consumers may have very strict senses of privacy, others have significantly fewer reservations about revealing personal information and receiving the benefits of unvarnished participation in commercial life. Administrative regulation would not accommodate this wide range of consumer desires. It would also probably cut off new uses of information that do not cause harm to the public.

One-size-fits-all privacy standards would assuredly chill innovation in information-based industries. These are great engines of progress, diverse, and changing too rapidly to be captured by even the best thought-out regulation. For this reason, the United States government has recommended that other governments resist top-down regulatory controls.

A second disability on government is the First Amendment, which strictly limits how governments (in the United States, at least) may control many types and uses of information. It is inconsistent with the Constitution, and important American values, to prevent information from being collected, shared, and disseminated.

Another level at which to regulate privacy, one much-ballyhooed and discussed, is at the industry level. Industries can develop principles and practices that reflect consensus on the best approach to privacy. In "industry self-regulation," a network of leading companies may require their business partners to meet industry standards on privacy.

Self-regulation has the benefit of flexibility not found in government regulation, and it also is not constrained by the First Amendment. Self-regulation, however, is often criticized by those skeptical of business as "letting the fox guard the chicken coop." It also creates some danger to consumers because rogue companies that do not follow industry standards may take advantage of a complacent public.

Finally, there is market or consumer regulation. Consumers are in the best position to know their desires with respect to privacy, and they are in the best position to enforce the terms of their desires through their choices in the marketplace. One of the key advantages of this form of regulation is that it is already in use and has been operating with success for years.

There should be no mystery to market regulation. Each of us participates in it every day by gravitating to offerings that satisfy us and by avoiding those that do not. In the case of privacy, consumers may choose whether or not to deal with businesses who promise them a given level of privacy. Businesses who offer privacy that pleases consumers succeed. Those who do not offer satisfactory privacy guarantees are ignored, quietly pushed to the margins of the economy, and put out of business.

Market regulation is backed up by a number of laws, including the privacy torts which encompass established societal norms about information use. When a company violates a privacy promise it has made to consumers, it may have to answer to fraud and misrepresentation charges, breach of contract claims, or other legal actions.

One of the strongest criticisms of market regulation is that consumers are not always offered privacy options when they are invited to do business. This is not a valid criticism. Consumer choice extends to deciding whether to deal with a business that does not state a privacy policy. Though many consumers claim to be very concerned about privacy, many are cavalier about their personal information when asked to share it. They are entitled to be very concerned, cavalier, or ignorant. Consumer choices in the marketplace will accurately reflect their interests, and businesses will gravitate to the practices that satisfy them.


Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in The U.S. and The U.K.; Karim Jamal et al., AEI-Brookings Joint Center on Regulatory Studies (July 2003)

Want Privacy? Donít Look To New Laws; Seek Self-Protection, by Duane D. Freese, Tech Central Station (February 12, 2001)

On Privacy, One Size Doesnít Fit All by James Glassman, Tech Central Station (October 23, 2000)

Protecting Your Privacy: Who Should Do It? by Sonia Arrison, Pacific Research Institute (January 18, 2000)

Self-Regulation: Regulatory Fad or Market Forces? by Solveig Singleton, Cato Institute (May 7, 1999)

Comments? (Subject: HowToRegulate)

[updated 07/26/03]

©2000-2003 All content subject to the Privacilla Public License.