How to Regulate Online Services

Abstract

The previous chapter, and indeed Part I as a whole, has shown that online services have systemic problems resulting from pervasive personal data collection and processing. These problems clearly require some regulation, which, as will be argued, should lead to the construction of an effective privacy management system. Such regulation should be responsive to the regulatory environment and should understand the context and motivations of those who are to be regulated. There may be various possible models of such responsiveness, but this book follows the view that there is no tightly prescriptive theory of such regulation and that it should rather be grounded on the practical problems present in a given industry. In keeping with that view, this book does not aim to set out any novel framework or to resolve any debate about regulatory models or modes of regulation; it only aims to find a practical response to the deficiencies outlined in Part I. These deficiencies come from the economic incentives of market players and are strongly related to the ICT architecture. This is the peculiarity of the regulation of technology to which writers often respond by referring to regulating forces (developed by Lessig) - law, the market, ‘norms’ and ‘code’ (i.e. regulation by technology). This book will refer to some ideas from this model, but it will not be adopted in its entirety. Instead, it will be used to devise a ‘smart’, complementary set of regulatory tools to change the incentives of market players and respond to the problems just described. Therefore, this chapter draws a detailed plan of this kind of regulation of online services. Section 1 of the chapter defines objectives (what effective regulation should achieve) and presents the main regulatory tool - the Privacy Management Model (PMM). Section 2 then aims to explain why the PMM should underpin the regulatory tools designed to protect individual privacy. Finally, section 3 focuses on the regulatory tools that are capable of implementing PMM and, in so doing, introduces the subsequent chapters. REGULATING PRIVACY WITH THE PRIVACY MANAGEMENT MODEL This book focuses on the regulation of the specific relationships between data subjects and online service providers. These relationships are based on the private interests of two parties, who come to the transaction to achieve reciprocal benefits.