The Internet poses grave new threats to information privacy. Search engines collect and store our search queries; websites track our online activity and then sell this information to others; and Internet Search Providers read the very packets of information through which we interact with the Internet. Yet the debate over how best to address this problem has ground to a halt, stuck between those who call for a vigorous legislative response and those who advocate for market solutions and self-regulation. In 1995, the European Union member states began to build a third approach into their data protection laws, one in which government and industry work together to develop and enforce privacy rules. This “co-regulatory” model could provide a way to transcend the frozen U.S. debate. But it has received little attention in the United States and almost no analysis in the law review literature. This Article identifies the threats to online privacy; evaluates whether the two main alternatives—government regulation, and the market/self-regulation—can adequately address these threats; surveys the theoretical literature on co-regulation; and, finally, describes and analyzes the statutes through which E.U. member states have implemented the new approach. It provides the first comprehensive analysis of these laws in a U.S. law review and develops an original way of categorizing and understanding them.
Dennis D. Hirsch, The Law and Policy of Online Privacy: Regulation, Self-Regulation, or Co-Regulation?, 34 SEATTLE U. L. REV. 439 (2011).