Nick Doty & Deirdre Mulligan, The technical standard-setting process and regulating Internet privacy: a case study of Do Not Track
Comment by: Jon Peha
Workshop draft abstract:
Regulating Internet privacy involves understanding rapidly-changing technology and reflecting the diverse policy concerns of stakeholders from around the world. Technical standard-setting bodies provide the promise of software engineering expertise and a stable consensus process created for interoperability. But does the process reflect the breadth and depth of participation necessary for self- and co-regulation of online privacy? What makes a standard-setting or regulatory process sufficiently “open” for the democratic goals we have for determining public policy?
Drawing from literature in organizational theory, studies of standards development organizations and cases of environmental conflict resolution, this paper explores the applicability of consensus-based standard-setting processes to Internet policy issues. We use our experience with the ongoing standardization of Do Not Track at the World Wide Web Consortium (W3C) to evaluate the effectiveness of the W3C process in addressing a current, controversial online privacy concern. We also develop success criteria with which the privacy professional and regulatory community can judge future “techno-policy standards”.
While the development of techno-policy standards within consortia like the W3C and the Internet Engineering Task Force shows promise for technocratic and democratic regulation, success depends on particular properties of the participation model, the involvement of policymakers and even the technical architecture.