Chris Hoofnagle writes:
The Department of Commerce’s Green Paper explores the idea that industries could create self-regulatory codes of conduct for privacy, and that the FTC could enforce those codes. In a previous post, I explain why the assumption that the FTC can police these promises is problematic. Here, I hope to remind participants in the debate that we’ve tried voluntary codes for over a decade now, and in the privacy field, it hasn’t gone too well.
America’s sectoral privacy system has created a culture where many businesses build their systems just outside a regulatory regime, use the same data covered by the regime, and even sell it to the actors that the regime anticipates regulating. One such example is the commercial data broker. These companies sell data very similar to a credit report, to entities that typically buy credit reports, for purposes very close to credit reporting purposes, but nonetheless, much of their activities remains outside the FCRA.
Read more on TAP.