Regulating Privacy by Design

Privacy and Security

Article Snapshot


Ira Rubinstein


Berkeley Journal of Law and Technology, forthcoming 2012


This article suggests how privacy regulators might develop appropriate incentives to implement privacy by design.

Policy Relevance

Issues surrounding the implementation of privacy by design and an approach to regulation that incentivizes privacy by design.

Main Points

  • Privacy by design is a systematic approach to designing any technology that embeds privacy into the underlying specifications or architecture.

  • Privacy Enhancing Technologies (PETs) are applications or tools with discrete goals that address a single dimension of privacy (e.g. control over personal information).

  • Despite the endorsement by regulators, PETs have not achieved widespread acceptance in the marketplace and relatively few firms have embraced privacy by design.

  • The lack of consumer demand for PETs, the opportunity cost in implementing better privacy, and the scarcity of data to do an adequate cost-benefit analysis of privacy by design suggest that market-based approaches are not likely to increase firm investments in privacy safeguards.

  • Barring new legislation, the FTC should rely on strategic enforcement actions to encourage privacy by design and should also convene experts from industry, advocacy groups, and academia to develop best practices for privacy by design.

  • If Congress enacts new legislation and authorizes the FTC to issue implementing regulations, the FTC should try innovative regulatory approaches that relax one-size-fits-all requirements in exchange for better privacy results, negotiate solutions to emerging regulatory challenges, and/or implement safe harbors that allow flexible self-regulatory arrangements.

Get The Article

Find the full article online

Search for Full Article