With formal privacy policymaking processes mired in discord, governments and regulators in the United States and Europe have turned to the private sector seeking assistance and solutions. Multistakeholder-driven self-regulation and co-regulation have been pursued in a variety of contexts ranging from online privacy and transparency for mobile applications to protection of transborder data flows. This article focuses on one such process, the World Wide Web Consortium (W3C) discussion of a Do Not Track (DNT) standard, as a case study. It critically analyzes the procedural pitfalls, which hampered the quest to reach a compromise solution acceptable by groups with diametrically opposed interests, including industry players, government regulators, and privacy advocates. It is based on a series of interviews that the Authors conducted with participants in the process, including leading industry, civil society, and the government players. Proponents of multistakeholder processes, including the U.S. government, suggests that this mode of policymaking benefits from important advantages, including an opportunity to coopt industry experts, move swiftly to conclusion, and garner industry support. The reality, however, is that the W3C process featured few of these benefits. It was protracted, rife with hardball rhetoric and combat tactics, based on inconsistent factual claims, and under constant threat of becoming practically irrelevant due to lack of industry buy-in. Perhaps this should not be surprising. The way DNT has been framed—as a veritable “on/off” switch for an entire industry—inevitably raised the stakes for a common accord. Indeed, DNT crystalizes a deep ideological divide about right and wrong in online behavior, with one side arguing that merely collecting users’ information is wrong, and the other side claiming a right—in fact a business imperative—to use such information for multiple goals. Add to that a healthy portion of competitive maneuvering within the industry, and you get a combustive mix.

First Page


Included in

Privacy Law Commons