Problems with Self-Regulation of Online Privacy

    Abstract:  In this paper, I will briefly define privacy and "fair information practices."  Then I will discuss the regime of self-regulation that is currently in place in the United States to protect these principles as they relate to consumer online data collection and dissemination.  Specifically, I will show that there are some problems with this system.  In particular, I will point out that privacy practices are not universal, and that companies may not be driven to implement fair information practices by market forces because of the strong financial incentives for them to do otherwise.  Finally, I will suggest that legislation like that used in the European Union might be a viable alternative to self-regulation in the United States.





I enjoy shopping online.  As a college student in rural New Hampshire, the abundance of online retailers is a dream come true, as it allows me to buy the latest fashions and other items directly from my dorm.  But what price do I pay for such luxury?  I compromise my privacy as a consumer and open myself up to a world of customer profiling, targeted advertising, and analysis of my online behavior.


Currently, there are no all-encompassing legal restrictions on the collection and use of customer-provided data, clickstream data, and other forms of personal information collected about adult consumers over the Internet.[1]  Instead, we rely on a system of industry self-regulation, built on a market model, to protect consumer privacy.  There are several problems with this system.  First, it is not universally implemented; sites are not required to disclose their privacy practices.  Second, since online businesses stand to gain financially from the use of personal data, especially in targeted marketing campaigns, and because most consumers are not knowledgeable enough to protect themselves, companies may not actually be driven to protect consumer privacy by the market, as was originally thought.  Instead, legislation, similar to that passed in 1998 by the European Union, may be required to guarantee Americans' online privacy.


Defining Fair Information Practices

First, it is necessary to define privacy and fair information practices as they pertain to online commerce.  Back in 1973, the US Department of Health, Education, and Welfare developed a Code of Fair Information Practices (US Dept. of Health 1973). It is based on five general principles (US Dept. of Health 1973):

* There must be no personal data record-keeping systems whose existence is a secret.

* There must be a way for a person to find out what information about him or her is in a record and how it is used.

* There must be a way for a person to prevent information that was obtained for one purpose from being used or made available for other purposes without his or her consent.

* There must be a way to correct or amend a record of identifiable personal information.

* Any organization "creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data."


Over time, these five principles have evolved into those currently suggested by the Federal Trade Commission with regards to consumer online privacy: Notice, Choice, Access, Security, and Enforcement (FTC 2000).


A System of Self-Regulation

Defining fair practices is only the first step in guaranteeing privacy.  Next, the principles must be put into practice.  There are three primary tactics for promoting these principles and for regulating the online collection and use of personal information.  These approaches include legislation, industry self-regulation, and new technologies meant to limit the exchange of personal information (Kotz 1999).


In its 1999 report to Congress, the Federal Trade Commission (FTC) reported that it considered a method of self-regulation to be "the least intrusive and most efficient means to ensure fair information practices online, given the rapidly evolving nature of the Internet and computer technology" (FTC 1999).  This statement shows that the five principles of fair information practices are merely suggested, not legally required.  The system of self-regulation is based on a pure-market model, which concludes that companies should be driven to protect consumer privacy because doing so would build consumer confidence and boost their own revenues (Dept. of Commerce 1997).


The FTC's statement points to online privacy seal programs as "a particularly promising development in self-regulation" although it stated that further improvement was still necessary to protect consumers' online privacy.  Specifically, the FTC cited TRUSTe and the Better Business Bureau Online as examples of promising programs. (FTC 1999) 


Indeed, privacy seal programs like TRUSTe and BBBOnline have developed substantially over the past few years.  The idea behind these programs is that an independent organization would license a consumer web site by reviewing the company's privacy policy and by periodically checking that the company is following its own stated practices.  The site would then be allowed to post the program's "seal" on its site to prove to customers that it has been reviewed.  According to TRUSTe:


We monitor our licensees for compliance with their posted privacy practices and TRUSTe program requirements through a variety of measures.  Our oversight process includes initial and periodic web site reviews, 'seeding,' and online community monitoring. (TRUSTe)



More simply, the BBBOnline describes compliance with its program as "say what you do, do what you say, and have it verified" (BBBOnline).


            These programs build on the market model because companies seek to obtain privacy seals in order to promote consumer confidence in their sites, and to increase business and revenue.  According to the BBBOnline description of benefits for sites, participating in the privacy program allows a business to "distinguish [itself] from online competitors that have not pledged to the high standards set forth in the BBBOnline" and to "help increase consumer confidence in the web as a safe place to shop" (BBBOnline).


Problems with Self-Regulation

While seal programs are a promising development, self-regulation still has some significant flaws. One basic problem with the current system is that it is not universal.  For instance, the use of seal programs by consumer sites is purely optional, and legally the only requirement is that companies not violate their own posted privacy policies, as this would be considered a deceptive business practice (Killingsworth 1999).  A site can get around this problem by just not making any promises regarding privacy (Killingsworth 1999).


For example, the Federal Trade Commission recently concluded a year-long investigation of DoubleClick, Inc., an online marketing agency, to determine whether that company engaged in any "unfair or deceptive acts or practices" in "collecting, maintaining, using, or transferring customer information, including personal identifying information" (FTC to Varney 2001).  The inquiry was prompted by a complaint brought by a watchdog group, The Electronic Privacy Information Center (EPIC), accusing DoubleClick of violating the law (Perine February 2000).  Based on its investigation, the FTC determined that although DoubleClick did collect and use personally identifying and clickstream data from its users, it did not do so "in contravention of its stated privacy policy" (FTC to Varney 2001), and was therefore not participating in deceptive business practices under the law.


According to one study, the majority of consumer sites collect at least one type of personal information (Culnan 2000).  However, more than half of consumer sites still do not post privacy policies or information practice statements that address each one of the areas of notice, choice, access, and security (Culnan 2000).  Moreover, "nearly one-third of web sites did not post any disclosures" (Culnan 2000).  As for the touted privacy seal programs, a 2000 survey by the FTC determined that "the seal programs have yet to establish a significant presence on the Web" (FTC 2000).  They found that less than one-tenth of the randomly sampled sites displayed a privacy seal (FTC 2000).


Another major problem with the self-regulatory system is the ignorance of consumers.  The motivation for businesses to collect personal information is great, and because many consumers do not know how to protect themselves, the market model may actually not apply. The personal information of customers, both online and offline, is extremely valuable to companies, especially for marketing.  Online, this information is collected in three general ways: by directly recording the information typed by the user into a web page, by indirectly keeping track of an individual's web-surfing activity such as the pages he visits, and finally by correlating data from multiple sources to infer new facts about a person (Kotz 1999).  More specifically, information is collected through server logs, cookies, and web forms (Kotz 1999).  After it is collected, this information can be used to tailor advertisements to the specific customer.  For example, if a consumer browsed a travel site looking for inexpensive airline tickets to Paris, an intelligent direct-marketing system would bring up ads for travel books and hotels.


            Entire companies have been built on the idea of online direct marketing.  DoubleClick, mentioned above, is one example.  The company's "DART" (Dynamic Advertising Reporting & Targeting) product is sold to advertisers as a sophisticated marketing tool.  According to DoubleClick's web site, "it enables you to reach your customers, measure their response, and turn information into wisdom" (DoubleClick).  Net Perceptions and Engage also advertise that they offer similar services. (Engage) (Net Perceptions)


            In addition to direct marketing services, other online businesses make use of consumer data in managing customer relationships.  For example, online shopping networks such as and Clickrewards invite consumers to become members of their respective programs.  In exchange for providing personal information and for making purchases through the companies' sites, customers are awarded "points" or "miles" respectively, which are redeemable for merchandise, travel, etc. (MyPoints) (ClickRewards).


            While businesses clearly have the incentive to collect personal information, the majority of consumers are concerned about online privacy (Robuck 2000).  Yet, they often do not know how to protect themselves. (Robuck 2000)  In one survey, the majority of Americans questioned believed that the customer tracking done by web sites is harmful because it invades their privacy (Robuck 2000), but at the same time, 56% of Americans did not know what a cookie was (Robuck 2000), even though it is one of the most widely-used data collection mechanisms.


            Because most consumers lack a basic understanding of Internet privacy, it is unclear whether the competitive market model, used as an argument in favor of industry self-regulation, is applicable.  If consumers do not understand the basics of online data collection and privacy, it will not be of any benefit for businesses to protect their privacy because the customers will not be able to tell the difference.  If customers do not recognize the difference, they will not necessarily prefer a site with a stated privacy policy to another site.


According to one source, "there are critical normative flaws in the theory of self-regulation for information practices...self-regulation assumes that all privacy values can and should be resolved by a marketplace" (Reidenberg 1999).  "This is a classic case of market failure.  Without disclosure by corporations, citizens cannot ascertain how their personal information is acquired and used" (Reidenberg 1999).


Alternative Methods of Promoting Privacy

            For these reasons, it seems that the United States should try a different tactic for promoting online privacy - legislation.  Many other countries, including all members of the European Union, have already taken this approach.  Furthermore, in 2000 the Federal Trade Commission reversed its 1999 suggestion in recommending to Congress that it pass similar legislation (FTC 2000).


            The system of self-regulation that is in place in the United States differs significantly from the systems used in other countries.  Specifically, "The European Union views data privacy as a fundamental right that is best protected by legislation and federal policing. The United States, in contrast, relies largely on a self-regulatory approach to effective data privacy and protection" (Tan 1999).  "The provisions of the EU law require businesses to collect private data only for clearly stated purposes and forbid data disclosure to third parties unless consumers grant permission.  European consumers [also] have the right to sue companies that don't adhere to these rules" (Perine July 2000).


In 2000, the Federal Trade Commission voted to recommend that the United States pass similar legislation (FTC 2000).  According to its 2000 report to Congress, industry efforts to date "fall far short of broad-based implementation of self-regulatory programs" (FTC 2000).  For this reason,


while there will continue to be a major role for industry self-regulation in the future, a majority of the Commission recommends that Congress enact legislation that, in conjunction with continuing self-regulatory programs, will ensure adequate protection of consumer privacy online... The proposed legislation would set forth a basic level of privacy protection for consumer-oriented commercial Web sites.  Such legislation would establish basic standards of practice for the collection of information online, and provide an implementing agency with the authority to promulgate more detailed standards pursuant to the Administrative Procedure Act (FTC 2000).



            Roger Clarke, a visiting fellow at Australian National University, sums up the international need for data protection legislation as follows:


Legislation is essential, to establish incentives that encourage compliance; and disincentives that discourage inappropriate behaviour. The statute needs to be designed to strengthen the hand of industry associations as they seek to achieve order within their sectors, and to rein in the cowboys (Clarke 1999).



He then goes on to suggest that legislatures establish a set of privacy protection principles (Clarke 1999), which would be similar to those already defined by the FTC.  He also suggests that an agency be established with the authority to enforce these principles (Clarke 1999).




            The current system of privacy regulation for online commerce in the United States has several main flaws.  The system of self-regulation was initially adopted as a means of promoting the Department of Health and the Federal Trade Commission's fair information practice principles.  The system relies heavily on a market model, which states that companies should want to promote customer privacy because it will encourage business and boost revenue.  This concept is most directly evidenced by the spreading use of privacy seal programs.  However, fair information practices are far from universal, with most consumer sites not posting privacy policies that address all of the defined areas of privacy.  Also, the market model may not hold up for online commerce because consumers do not generally know enough to understand when their privacy is being compromised.  Based on this analysis, it seems as though other systems of privacy regulation should be explored.  Specifically, legislation similar to that of the EU should be considered.




[1] The Children’s Online Privacy Protection Act of 1998 places more restrictions on the online collection of personal information from children under age thirteen. (Children’s Online Privacy Protection Act)

Works Cited

Better Business Bureau Online web site.

Clarke, Roger.  "Internet Privacy Concerns Confirm the Need for Intervention."  Communications of the ACM.  February 1999.  Available at

ClickRewards web site.

Children's Online Privacy Protection Act of 1998.  Available at

Culnan, Mary J.  "Protecting Privacy Online: Is Self-Regulation Working?"  American Marketing Association Journal of Public Policy & Marketing.  Spring 2000. web site.

Engage web site.

Federal Trade Commission. "Self-Regulation and Privacy Online." July 13, 1999.

Federal Trade Commission. "Privacy Online: Fair Information Practices in the Electronic Marketplace." May 25, 2000.

Federal Trade Commission letter to Christine Varney, Esq., attorney for DoubleClick Inc.  January 22, 2001. Available at

Killingsworth, Scott.  "Minding Your Own Business: Privacy Policies in Principle and in Practice."  Journal of Intellectual Property Law Association.  Fall 1999.

Kotz, David. "Technological Implications for Privacy." January 3, 1999. web site.

Net Perceptions web site.

Perine, Keith.  "Not Enough Privacy?" The Industry Standard.  July 10, 2000.

Perine, Keith.  "Privacy Activists File DoubleClick Complaint."  The  February 10, 2000.  Available at,1153,9694,00.html  

Reidenberg, Joel R.  "Restoring Americans' Privacy in Electronic Commerce."  Berkeley Technology Law Journal.  Spring 1999.

Robuck, Michael.  "Survey Says Internet Privacy A Concern Among Consumers: But Most Consumers Don't Know How to Protect Themselves."  Boardwatch Magazine.  October 2000.

Tan, Domingo R. "Personal Privacy in the Information Age: Comparison of Internet Data Protection Regulations in the United States and the European Union."  Loyola of Los Angeles International & Comparative Law Journal.  August 1999.

TRUSTe web site.

U.S. Department of Commerce: National Telecommunications and Information Administration.  "Privacy and Self-Regulation in the Information Age." Chapter 1.  June 1997.

US Dept. of Health, Education, and Welfare Secretary's Advisory Committee on Automated Personal Data Systems.  Records, Computers, and the Rights of Citizens viii 1973.
