Report: Many Failures – A Brief History of Privacy Self-Regulation
The report Many Failures: A Brief History of Privacy Self-Regulation was published October 14, 2011.
Report authors: Robert Gellman and Pam Dixon
The focus of the report is on privacy self-regulation and its historic effectiveness. This report reviews the leading efforts of the first privacy self-regulatory wave from 1997 to 2007, and includes a review of the life span, policies, and activities of the Individual Reference Services Group, Privacy Leadership Initiative, Online Privacy Alliance, Network Advertising Initiative, BBBOnline Privacy Program, US-EU Safe Harbor Framework, Children’s Online Privacy Protection Act, and the Platform for Privacy Preferences. A key finding of this report is that the majority of the industry self-regulatory programs that were initiated failed in one or more substantive ways, and many disappeared entirely. The report concludes with a discussion of possible reforms for the process, including a defined and permanent role for consumers, independence, setting benchmarks, and other safeguards.
Report updates, news, and related items are posted in the blog below.
San Diego — 15 November, 2013: The General Accounting Office (GAO) issued its long-awaited report on data brokers, INFORMATION RESELLERS: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace. The report discusses key World Privacy Forum testimony and research. “We are pleased with the GAO report,” said Pam Dixon, Executive Director of the World Privacy Forum. “In particular, we are glad the GAO highlighted our work calling for a stop to the selling of people’s sensitive medical and health information for marketing purposes. This is a practice that is causing great harm, the GAO made the right call in pointing out new controls are needed.” This press release includes links to the GAO report, to Dixon’s Congressional testimony, and to the WPF report discussed by the GAO.
Current online privacy debates focus on respecting the privacy interests of Internet users while accommodating business needs. Formal and informal proposals for improving consumer privacy offer different ideas for privacy regulation and privacy self-regulation, sometimes called codes of conduct. Some in the Internet industry continue to advance or support ideas for privacy self-regulation. Many of these same players proposed and implemented privacy self-regulatory schemes that started in the late 1990s.
This section offers a historical review of privacy self-regulation that occurred in the years just before and just after 2000. For a variety of reasons, it is not necessarily fully comprehensive. Some self-regulatory efforts may have disappeared without a trace. Activities within existing trade associations are difficult or impossible to assess from evidence available to those outside the associations. However, this discussion captures the leading organizations of the time. 
This section reviews several other privacy self-regulatory activities that share some characteristics with the industry self-regulatory programs discussed above, but these activities differ in various ways. The most noticeable difference is the role of the government in the programs. The Department of Commerce is involved in the Safe Harbor Framework, and the Federal Trade Commission is involved in the Children’s Online Privacy Protection Act.
The self-regulatory efforts in this category include projects that have many components, including input from government, industry, academia, and civil society.