The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.- Samuel D. Warren, Louis D. Brandeis (1890)
“You have zero privacy anyway. Get over it.” Sun Microsystems CEO Scott McNeally
The mantra in Washington D.C. concerning the Internet has been "self-regulation." The paradigm example of the mantra has been privacy. It was preached that premature intervention by the Federal government would risk stifling ecommerce. In a competitive market where consumers have bountiful choices, where information concerning company practices and transgressions is readily available, and where fraudulent and deceptive activity can be penalized, industry's solemn oath to be good would be sufficient.
Every year, privacy legislation would be introduced in Congress (sometimes it would be among the first legislative proposals submitted in a given Congress) and every year it would be rejected. The Federal Trade Commission, prior to 2002, had submitted several reports to Congress on the impact of the Internet and ecommerce on privacy, and every time the FTC has stayed largely faithful to the tenant of self-regulation.
But in time, visions of paradise transformed into the reality of trouble and abuse. Growing pains of the new online economy were tolerated as industry, consumer groups, and governments continued to negotiated resolutions to privacy blunders. [News] But, when it comes to children, industry blunders were swiftly greeted with the hammer coming down. [See also e.g. CDA, COPA, CIPA seeking to protect children from harmful content]
The first reformation came in 1996 with the Center for Media Education Report documenting the behavior of online services with children’s information. The documented behavior was atrocious. The online services might set up games where the children could earn points towards winning prizes. Play a few games and win a few points. Provide the salaries of your parents along with information about whom they work for and win lots of points.
This led to the Federal Trade Commission 1998 report Privacy Online: A Report to Congress. This Report found that while 89% of sites surveyed collected information from children, only 24% had posted privacy policies, and only 1% required prior parental consent. These reports led to the unusual break from the mantra for self regulation and the swift passage of the Children's Online Privacy Protection Act, the first online privacy law of the Internet era.
As the Clinton Administration's time came to a close, the faithful continued to abandon "self regulation." The last FTC Privacy Report of the Clinton era continued the call for reformation, concluding that the time for self regulation had passed. The FTC recommended to Congress that privacy legislation responsive to industry transgressions would be appropriate.
Ongoing consumer concerns regarding privacy online and the limited success of self-regulation efforts to date make it time for government to act to protect consumers' privacy on the Internet. Accordingly, the Commission recommends that Congress enact legislation to ensure adequate protection of consumer privacy online.
[Privacy Report 2000 p. 36]
Reminder: Unlike the private sector where there is no federal legislation generally mandating privacy policies, the public sector plays under different rules. [See Privacy Act] Government entities have explicit legal obligations concerning privacy, the collection of information, and the dissemination of that information. There are specific obligations that apply to government online resources. [See Sec. 626, Exec. Memo M-00-13, Exec. Memo M-99-18, ECPA] Oh, one area of privacy protection for the private sector involves telephone carriers. [See CPNI]
