Colin J. Bennett & Deirdre K. Mulligan, Privacy on the Ground Through Codes of Conduct: Lessons from Canada
Comment by: Robert Gellman
Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2230369
Workshop draft abstract:
Privacy codes of practice have extensive histories in a number of countries outside the United States. At various times they have been adopted to anticipate privacy legislation, to supplement privacy legislation, to pre-empt privacy legislation and to implement privacy legislation. This paper draws upon international experiences and interviews with chief privacy officers to offer important lessons for American policy-makers about how codes of practice might best encourage privacy protection “on the ground.”
Despite obvious differences, the Canadian policy experience may be especially instructive. Private sector regulation was originally based on a bottom-up approach, through which legislation (the Personal Information Protection and Electronic Documents Act of 2000) was based on a voluntarily negotiated standard through the Canadian Standards Association (CSA). This in turn was based on existing sectoral codes of practice, of the kind envisaged by the US Department of Commerce. What has been the experience over the last decade? What useful lessons can be drawn for US policy? What are the economic, technological, legal and social conditions under which codes of practice might promote better privacy protection?