Setting Standards for Fair Information Practice in the U.S. Private Sector

The confluence of plans for an Information Superhighway, actual industry self-regulatory practices, and international pressure dictate renewed consideration of standard setting for fair information practices in the U.S. private sector. The legal rules, industry norms, and business practices that regulate the treatment of personal information in the United States are organized in a wide and dispersed manner. This Article analyzes how these standards are established in the U.S. private sector. Part I argues that the U.S. standards derive from the influence of American political philosophy on legal rule making and a preference for dispersed sources of information standards. Part II examines the aggregation of legal rules, industry norms, and business practice from these various decentralized sources. Part III ties the deficiencies back to the underlying U.S. philosophy and argues that the adherence to targeted standards has frustrated the very purposes of the narrow, ad hoc regulatory approach to setting private sector standards. Part IV addresses the irony that European pressure should force the United States to revisit the setting of standards for the private sector

Lex Informatica: The Formulation of Information Policy Rules through Technology

Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a “Lex Informatica” that policymakers must understand, consciously recognize, and encourage

E-Commerce and Trans-Atlantic Privacy

For almost a decade, the United States and Europe have anticipated a clash over the protection of personal information. Between the implementation in Europe of comprehensive legal protections pursuant to the directive on data protection and the continued reliance on industry self-regulation in the United States, trans-Atlantic privacy policies have been at odds with each other. The rapid growth in e-commerce is now sparking the long-anticipated trans-Atlantic privacy clash. This Article will first look at the context of American e-commerce and the disjuncture between citizens\u27 privacy and business practices. The Article will then turn to the international context and explore the adverse impact, on the status quo in the United States, of European data protection law as harmonized by Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Following this analysis, the Article will show that the “safe harbor” agreement between the United States Department of Commerce and the European Commission--designed to alleviate the threat of disruption in trans-Atlantic data flows and, in particular, to mollify concerns for the stability of online data transfers--is only a weak, seriously flawed solution for e-commerce. In the end, extra-legal technical measures and contractual mechanisms might minimize privacy conflicts for e-commerce transactions, but an international treaty is likely the only sustainable solution for long-term growth in trans-border commercial interchange

The normativity of code as law: towards input legitimacy

In the debate on how the new information and communication technologies impact on democratic politics the role played by the digital architecture seems to be surprisingly underrated. In particular, while a lot of attention has been paid to the possibilities that new technologies open up to democratic theory, few works have attempted to look at how democracy may help in shaping technologies. By adopting as a starting point the approach known as ‘code as law’, the paper aims at two objectives: to re-affirm the importance of discussing normative principles to guide the process of code writing in order to reinvigorate the debate; to claim the importance of input reasons when deciding which principles should be chosen. After having remarked that code is relevant for establishing democratic norms, the paper briefly tackles with the main attempts by European scholars to deal with this issue. Then, a couple of practical examples of how code impacts on democratic rights are sketched out. In the last section of the paper a shift from an output-based approach to the legitimacy of code to an input-based is openly advocated: an inquiry into the legitimacy of code should focus on its production

Governing Networks and Rule-Making in Cyberspace

The global network environment defies traditional regulatory theories and policymaking practices. At present, policymakers and private sector organizations are searching for appropriate regulatory strategies to encourage and channel the global information infrastructure (“GII”). Most attempts to define new rules for the development of the GII rely on disintegrating concepts of territory and sector, while ignoring the new network and technological borders that transcend national boundaries. The GII creates new models and sources for rules. Policy leadership requires a fresh approach to the governance of global networks. Instead of foundering on old concepts, the GII requires a new paradigm for governance that recognizes the complexity of networks, builds constructive relationships among the various participants (including governments, systems operators, information providers, and citizens), and promotes incentives for the attainment of various public policy objectives in the private sector