TrustArc Blog

When Self-Regulation Works, Your Privacy Is In Good Hands

July 27, 2012

Jim Adler
Chief Privacy Officer & GM of Data Systems | Intelius

Image Credit

Despite the ongoing discussions about online privacy by legislatures, regulators, and data conservationists — self-regulation remains the primary tool to ensure consumer information is handled responsibly. And rightly so.

Too often, privacy debates devolve into false dichotomies, dominated by arguments that advocate for being always anonymous or that privacy is dead. Both are wrong. Online privacy continues to be an important conversation because we humans are both social and autonomous creatures. And, we need solutions that balance values of both disclosure and discretion. The U.S. founders knew that.

Through products and services, the technology industry is well positioned to address the weighty nuances of deciphering public from private places, understanding who uses what products, and how those products might be abused.

But although industry might be best positioned to address privacy issues, they have no monopoly on them. Privacy is a team sport. As I discussed in my talk at the recent Privacy Identity Innovation conference, technologists drive innovation. But responsible innovation is only achieved when tempered with the counsel (and sometimes warnings) of humanitarians — philosophers, journalists, economists, anthropologists, and historians. And, where appropriate, this counsel must be heeded and enforced, either voluntarily through self-regulation or involuntarily by law.

Self-regulation is simply the most efficient way to protect consumers and encourage innovation. Let me break it down:

  1. Self-regulation adapts better than government regulation
    The process of creating, passing, implementing, sustaining and auditing government regulation is, as you can imagine, quite long. Congress has attempted comprehensive privacy legislation for years. While the FTC has been effective at prosecuting offenders recently, it just can’t give consumers the protections they need and the innovation they want. Self-regulation is fast. Privacy companies, like TRUSTe, can verify the claims of their clients and operate at the speed of technology.
  2. Self-regulation offers solutions to actual problems
    By allowing industry to self-regulate, innovation is prioritized alongside consumer protection — not innovation at the expense of consumer protection. We tend to forget how new the Internet is and, to some extent, that we are all making this up as we go.
  3. Self-regulation encourages a race to the top
    Industry players vie for users. Winning companies offer the best products and are most responsive to all stakeholders including customers, advocates, and regulators. Take, for example, Intelius’ work with the National Network to End Domestic Violence (NNEDV).  Working with NNEDV, we developed a suppression feature in TrueRep which offers users the opportunity to block their most recent contact information (my take here).
  4. Self-regulation fits with Privacy-by-Design (PbD)
    By accommodating for privacy early in the design process, users can have just-in-time controls over their data. PbD was one of the driving forces for our TrueRep product where users have access and control of their own public profile.
  5. Self-regulation addresses data abuses
    The fiercest enemy of consumer privacy is data abuse. Sure, data abuse can’t be accomplished without access to the data. But where data is already public, it shouldn’t be used for harm. That’s the wisdom of the Fair Credit Reporting Act. No matter how the data is accessed, businesses must tread carefully when it’s used for sensitive purposes like hiring or housing.

We humans are complex. As we map our complex society online, getting privacy right will take some time. Self-regulation is a key ingredient to responsible, fast-paced innovation. Give it a chance.