Privacy in the Digital Age. What Role for Public and Private Actors?

GEM-STONES Policy Briefs. AGORA Forum, March 2020

Executive Summary

The protection of privacy is an issue of particular importance in the growing digital economy. While being a hot topic long before the rise of the Internet and connected devices, the development of increasingly powerful data collection and processing methods has brought it back to the forefront of public debates globally. Next to new public laws being adopted, selfregulatory programmes developed by industry have been promoted since the mid-1990s. How both public and private rules have contributed to the governance of data protection is in that context a key question. Based on in-depth analysis of all self-regulatory programmes adopted in the United States and Europe since 1995 as well as interviews with key informants in both jurisdictions, this policy brief suggests:

• As a general rule, self-regulatory tools have almost always been spurred by public actions. Private forms of regulation should thus not be seen as a replacement, but a complement to public laws that often need to be supported by public actors.
• The assumed flexibility and adaptiveness of selfregulatory tools is generally quite limited. The creation of new legal obligations is the exception rather than the rule.
• Self-regulatory tools can however be useful in clarifying how broad obligations can be applied in specific economic sectors.
• Despite mitigated results in promoting compliance with data protection laws, self-regulatory tools can be useful and help ensure that similar rules are followed in various jurisdictions at the same time.
• The European Union can thus benefit from continuing to proactively engage with industry to promote the development of self-regulatory tools as it tries to ensure that the GDPR is applied.