Privacy self-regulation through awareness?: A critical investigation into the market structure of the security field

Abstract

The security field can be used as a burning lens to focus particular problems when it comes to the self-regulation of privacy: while the industry certainly represents a particular case when it comes to actor relationships, our analysis shows which questions need to be asked in order to understand existing structures and obstacles to privacy protection. The chapter is based on outcomes of recent research of the PATS project (Privacy Awareness Through Security Organisation Branding), including analysis of literature, websites, brochures and expert interviews. We argue that powerful obstacles lie in market structures that are obscure rather than provide incentives for self-regulation. These findings inform further thought about an Accountability principle with regard to the governance of privacy in different industries dealing with (personal) data. It is not enough to look at legal provisions and privacy statements when we want to assess the state of "health" of privacy and data protection in the EU—we need a thorough examination of the patient.