This section offers a historical review of privacy self-regulation that occurred in the years just before and just after 2000. For a variety of reasons, it is not necessarily fully comprehensive. Some self-regulatory efforts may have disappeared without a trace. Activities within existing trade associations are difficult or impossible to assess from evidence available to those outside the associations. However, this discussion captures the leading organizations of the time. [13]

This section reviews several other privacy self-regulatory activities that share some characteristics with the industry self-regulatory programs discussed above, but these activities differ in various ways. The most noticeable differences are the role of the government in the programs. The Department of Commerce is involved in the Safe Harbor Framework, and the Federal Trade Commission is involved in the Children’s Online Privacy Protection Act.

Self-regulation — The World Privacy Forum has published a report on past self-regulatory efforts in the area of privacy, Many Failures: A brief history of privacy self-regulation. “Privacy self-regulation has been a Potemkin Village of consumer protection,” says executive director Pam Dixon. “History shows a pattern of past self-regulatory efforts that have been erected quickly and have faded after regulatory threats fade.” The report is authored by Robert Gellman and Pam Dixon. It includes details about programs such as the IRSG, the Privacy Leadership Initiative, the Privacy Alliance, and other programs. A key finding of this report is that the majority of the industry self-regulatory programs that were initiated failed in one or more substantive ways, and many disappeared entirely.

The self-regulatory efforts in this category include projects that have many components, including input from government, industry, academia, and civil society.

Is there any reason to think that privacy self-regulation will work today when it did not work in the past? Privacy self-regulation done in the same way that it has been done in the past, without sufficient consumer participation, and with the same goals of simply evading real regulation and effective privacy controls will continue to fail.