Publication Title

Berkeley Technology Law Journal



Privacy, self-regulation, European Union, O.E.C.D., PICS, P3P, W3C


In the United States today, substance abusers have greater privacy than web users and privacy has become the critical issue for the development of electronic commerce. Yet, the U.S. government’s privacy policy relies on industry self-regulation rather than legal rights. This article argues that the theory of self-regulation has normative flaws and that public experience shows the failure of industry to implement fair information practices. Together the flawed theory and data scandals demonstrate the sophistry of U.S. policy. The article then examines the comprehensive legal rights approach to data protection that has been adopted by governments around the world, most notably in the European Union, but finds that difficulties implementing these laws for online services pose important challenges for the effective protection of citizens’ privacy. The lessons show that safeguarding citizens’ rights requires a combination of law and technology and that a legal incentive structure is necessary to stimulate the rapid development and implementation of privacy-protecting technologies. The article concludes with a recommendation for a framework privacy law in the United States modeled on the O.E.C.D. guidelines that includes a safe harbor provision for policies and technologies and that creates a U.S. Information Privacy Commission to assure the balance between citizens’ privacy, industry needs, and global competitiveness.