The Possibilities and Limits of Self-regulation

views updated

The Possibilities and Limits of Self-regulation



If regulation of the internet is inevitable or necessary, many would argue that it should take the form of self-regulation. This is understood as the empowerment of industry and individuals (misunderstanding of self-regulation notwithstanding) to regulate the internet themselves, sans involvement of the government, which tends to be seen as corrupted, self-serving and cluelessly inefficient. Such a position, however, assumes that the conditions for self-regulation are ideal for the internet. As this chapter will show, the conditions are not yet ripe for self-regulation in the traditional sense of the word—industry regulating itself.

The term “self-regulation” has been misunderstood and misapplied by the internet community so it is necessary to clarify its meaning and its limits and possibilities. The Internet Law and Policy Forum (ILPF), in presenting its bibliography of internet self-

regulation, said that in “discussions, arguments, and debates about regulating the Internet… it was clear that people were using key terms such as ‘Internet,’ ‘regulation,’ and most of all ‘self-regulation,’ in a variety of different ways, many of them confusing and inconsistent.” It said:

The recurrent mantra was that, ‘the Internet should not be regulated by the government, but should be self-regulated instead.’ Everyone was talking about self-regulation as the obviously preferable alternative to government regulation, but as far as was evident from these discussions, ‘self-regulation’ equaled lack of government regulation. But no affirmative definition or description of self-regulation seemed forthcoming. What is self-regulation of the Internet? What does this look like? Who is the ‘self that is regulating itself?… Does self-regulation really mean no regulation? And just what does it mean to ‘regulate’ something? Does it mean to make laws? Enforce them? Punish people? Who is going to do it?1

Those good questions notwithstanding, the ILPF has not made much progress in the study of self-regulation beyond the 1998 entry on its website.


Definition of Self-regulation

Even up to as late as 1993, self-regulation was widely understood as the regulation of an industry by itself. It was apparently so widely

1 Matthew J. McCloskey, “Bibliography of Internet Self-Regulation,” 1988. (accessed February 6, 2001) (changed).

2 Parts of this section follows the outline in the ILPF bibliography on internet self-regulation.

accepted that a Ph.D. dissertation in the University of Oxford titled “Theories of Self-Regulation”3 did not bother to define the term anywhere in the study.

It is possible that as the use of the term gained greater currency, the word became misunderstood and misused. Perhaps contributing to the confusion is that self-regulation has been and is being used in the sense of the individual regulating himself or herself. Thus back in 1695, a vicar in England wrote of regulating one's life (self-regulation) “according to the Royal Pattern.”4 Search any library and the word “self-regulation” appears in books associated with self-management or self-control in the health literature. The notion of self-regulation of health has been applied to self-control,5 biofeedback, psychology and learning.6

Larry Irving, then US Assistant Secretary of Commerce, said that self-regulation had a range of meanings:

At one end of the spectrum, the term is used quite narrowly, to refer only to those instances where the government has formally delegated the power to regulate, as in the delegation of securities industry oversight to the stock exchanges. At the other end of the spectrum, the term is used when the private sector perceives the need to regulate itself for whatever reason—to respond to consumer demand, to carry out its

3 Amelia Fletcher, “Theories of Self-Regulation” (PhD diss., Oxford University, 1993).

4 Edmund Arwaker, Thoughts Well Employ'd, or the Duty of Self-Observation in the Care and Regulation of Life, According to the Royal Pattern (London: William Tyndall, 1695). The first chapter is titled “What the ways are which must employ our thoughts, viz. The way of the heart, the tongue, the actions.” Perhaps if more people had heeded the ancient wisdom, internet regulation, self or otherwise, would not be necessary.

5 Roy F. Baumeister, Losing Control: How and Why People Fail at Self-Regulation (San Diego: Academic Press, 1994).

6 onique Boekaerts, Paul Pintrich and Moshe Zeider, Handbook of Self-Regulation (London: Academic Press, 2000).

ethical beliefs, to enhance industry reputations, or to level the market playing field—and does so.7

This industry self-regulation has varying degrees of sanctions, as will be shown later, but it is generally most effective when it is backed up by the sanction of law. In fact, self-regulation, in the conventional sense, occurs when regulatory authority—creating a rule, enforcing the rule, and punishing rule-breakers—is formally delegated to a private entity. Sometimes, to ensure compliance, the punishment may be meted out by the formal regulatory authority instead of the private body. This, in fact, is the understanding of “self-regulation”8 in the Bertelsmann Foundation's 1999 study on internet content, when it also called for some government regulation. That understanding of self-regulation was criticized by the Center for Democracy and Technology as being “an exercise in informal state action.”9

Increasingly, this approach of having the government as a backstop is known as co-regulation.10 And self-regulation is seen as “voluntary co-operative actions by stakeholders,”11 which IS the industry. The differentiation of the terms by government bodies in Australia and the UK is significant because they have extensive,

7 Larry Irving, “Introduction to Privacy and Self-Regulation in the Information Age,” 1997, National Telecommunications and Information Administration (NTIA). (accessed February 10, 2001).

8 Jens Waltermann and Marcel Machill, eds., Protecting Our Children on theInternet: Towards a New Culture of Responsibility (Gutersloh: Bertelsmann Foundation Publishers, 2000).

9 D. Mulligan, “An Analysis of the Bertelsmann Foundation Memorandum on Self-Regulation of Internet Content: Concerns from a User Empowerment Perspective,” October 1999, Center for Democracy and Technology. (accessed February 14, 2001).

10 Australian Broadcasting Authority, “Broadcasting, co-regulation and the public good,” press release, October 29, 1999. (accessed February 3, 2001).

11 Office of Telecommunications in the United Kingdom, “Encouraging self- and co-regulation in telecoms to benefit consumers,” June 2000. (accessed February 13, 2001).

perhaps even the world's most extensive, use of self-regulation in their legal systems.

Globally, the range of self-regulatory tools is wide and this part of the chapter aims to highlight them and to clarify the distinctions.

The ILPF has a bibliography of self-regulation specific to the internet.12 Probably because of its specificity, the self-regulatory instruments and examples listed are not exhaustive. The framework that McCloskey (Figure 4.1 below) has drawn up to categorize the approaches is useful for the discussion here.

The term “self-regulation” in this chapter embraces “co-regulation.” That is, self-regulation is regulation by the industry with or without government legislation backing up the effort.

12 McCloskey, “Bibliography of Internet Self-Regulation.”

Self-regulation by the Individual

As noted earlier, there is a train of thought that self-regulation is regulation of the individual by the individual. The author has seen sites that claim to believe in self-regulation because “we regulate ourselves.”13 Such a claim is quite useless unless it is specific. In the offline world, shops that say “Satisfaction Guaranteed” back it up with an explicit policy that allows any exchange within a certain period. The claim can be tested and a shop that does not do what it claims can be sued or prosecuted for misrepresentation. A vague “we regulate ourselves” claim cannot be tested because the hats of the rule-maker, enforcer and judge are worn by one and the same entity.

A form of self-regulation that resembles individual regulation is the Acceptable Use Policy (AUP) common with internet hosting and ISPs.14 This contractual approach is applied by a company on its users. Thus, an ISP typically has an AUP that bars spam. So, for example, if a user spams other users, the ISP can terminate the spammer's account. However, most AUPs say very little, if anything at all, about the responsibility of the ISP. They do not state what would happen if the company itself breaches or fails to enforce its own policies.

This contract paradigm has its limitations. A major scenario would be an individual user coming up against an organization. If the organization refuses to enforce its own rules, there is little an individual can do beyond switching ISPs. Because of the one-sided nature (asymmetry) of such policies, they are best described as voluntary standards or voluntary compliance.

In such a situation, the internet user is left to “self-regulate.” Such a perspective is evident in the approach to content regulation by

13 One such site close to home for the author used to be The notice was there until late 2000.

14 A recent study commissioned by the Bertelsmann Foundation described such regulations as Model 1 codes (Price and Verhulst, 2000).

parents who are responsible for children's intake of information over the net.15

Regulation by the Social Community

A common term used to describe how internet users regulate themselves is “netiquette” from the phrase “network etiquette.” The best examples are the netiquette of email and message postings on discussion groups. For example, email should be sent only with the consent of the receiver; doing otherwise is called spamming and could restrict one's internet access. Similarly, one should not post offending or off-topic messages on discussion groups.16

Netiquette rules have developed over time without any input from any one person or body. Arguably, these are commonsense rules necessary for the proper functioning of the net, but the fact that such rules exist indicate a tendency for violations. The community punishes violators in breach of netiquette, especially if the violator is unrepentant. That is, the community polices itself. There is no need for a formal legal process (it is doubtful even if such a process is readily available or can work).

The classic example of this is the US immigration law firm of Canter and Siegel that advertised its services on more than 5,000 Usenet groups in 1994. Large files were sent to their mail box to crash

15 D. Mary Pridgen, “How will Consumers be Protected on the Information Superhighway?” Land & Water Law Review 32 (1997): 237, 245–46. Ironically enough, in the US, where the civil liberty movement arguably is the strongest, since 1999, virtually all television programs are accompanied with a rating before they begin. As far as this author knows, no country in Asia has such a similar extensive rating scheme.

16 Brad Templeton wrote one of the first netiquette for email and Usenet postings in 1995. It has been regularly updated with the latest being in 1999, which was in jest perhaps since netiquette was widely known by then. ( pub/usenet-by-group/news.announce.newusers/Emily_Postnews_Answers_ Your_Questions_on_Netiquette)

their account.17 Arguably, because of the reaction of the community, no one has since sent unsolicited emails that has had such a wide reach.

The social norms established by a community—a form of self-regulation—are essential for the internet to thrive. The norms lay the ground rules for human interaction. These norms, however, are often taken for granted. It is only when they are violated that it becomes obvious that the norms exist in the first case.18 In the Cantor and Siegel case, the reaction of the internet community showed the importance of being on-topic. A problem with such norms then is that they are underscored only after the fact.

It is difficult, if not impossible, to list all the norms, but not to list them would expose the community to possible harm. In fact, a classic account of the development of a virtual community is by Howard Rheingold in his book of the same name.19 While it recounts the growth of WELL, it also recounts how the seeds of destruction of WELL were sown when these social norms were violated.

However, it is clear that it is not possible for the net community to police all norms all the time. Not all norms are susceptible to such policing, and to do so all the time would be inefficient. Thus, for example, AUPs drawn up by many, though not all, email providers have included spam as something users should not send.

Regulation by the Internet

The internet has been regulating itself to the extent that there are technical rules that must be obeyed. These rules or standards are set by such bodies as the Internet Engineering Task Force (IETF),

17 Francois Velde, “Beginner's Kit/Etiquette Guide,” 1996. (accessed February 7, 2001).

18 Robert C. Ellickson, Order Without Law: How Neighbours Settle Disputes (Boston: Harvard University Press, 1991).

19 Howard Rheingold, The Virtual Community: Finding Connection in a Computerized World (London: Secker & Warburg, 1994).

Internet Architecture Board (IAB) and the Internet Corporation for Assigned Names and Numbers (ICANN). It could be said that one the rules are self-policing in that those who violate them are not able to connect to the internet. Because of the serious consequences, there is little incentive to disregard the rules.20

As a side-note, McCloskey in his report21 for the ILPF puts P3P in this category. But in the author's view, it does not belong there. Unlike the rules issued by the IETF, IAB or ICANN, the internet can function without paying any attention to P3P at all, which means that the quality of the sanctions is different from those set by other technical standards bodies.

Regulation by the Industry

The motivations for self-regulation vary. Some are concerned with raising the quality of goods and services, thereby making it possible to raise prices; others with the protection of the consumer. Some industries self-regulated themselves as they faced the threat of statutory regulation.

There are many approaches to self-regulation involving industry. Fletcher's study22 on the theories of self-regulation found that membership was required for some codes but not all. She found that many professional bodies were self-regulated and had statutory backing, while other self-regulatory regimes had a heterogeneous membership.

Table 4.1 below offers some examples of self-regulatory codes and the varying approaches to developing them. Different codes have diverse focuses and methods of enforcement. Companies (singly or together as an industry,) consumers, governments and interested third

20 There is a small group of sites under AlterNIC but the number is so small as to be trivial compared to the number of existent sites.

21 McCloskey, “Bibliography of Internet Regulation.”

22 Fletcher, “Theories of Self-Regulation.”

Table 4.1: Diversity of Approaches of Self-regulatory Codes
Notes: * International Organization for Standards
** Lawyers, doctors, engineers, etc.
Source: Adapted from Global Accountability Program, Interfaith Center on Corporate Responsibility, “A Content Comparison of Various Codes of Conduct,” January 2000. (accessed February 15, 2001).
CodeISO*Corporate code of conductCode of professional bodies**Fair labor associationAccreditation of educational bodies
Code proponentsISOCompanyProfessional bodyCoalition of consumer and labor activistsIndustry association
FocusIndustrial processEthics, relationship with suppliers etc.Professional conduct,Minimum labor standardsMinimum standards in educational institutions
Reporting to publicYesNoSome casesYesYes
Transparency Reporting to code proponentsYesYesYesYesYes
Reporting to shareholdersYesYesNANANA
Reporting to governmentNoNoPossiblyYesPossibly
Monitoring Internal monitoring by companyYesYesYesYesYes
External monitoring by auditorsYesNoNoYesYes
Independent monitoring by human rights, labor rights, religious groupsNoPossiblyNoYesNo
Monitoring by governmentNoNAYesNoNo

parties can play a role in setting, monitoring and enforcing rules. Table 4.1 also suggests that the distinction between government and nongovernment involvement, which seems rife in relation to governing the internet, is a recent feature in developing and enforcing codes.

Quite commonly, self-regulatory codes are developed in consultation with the government and/or consumer agencies, then adopted and administered exclusively by a trade or profession. Banking and insurance codes of practice are one example. In a number of countries, an industry-funded ombudsman may adjudicate on disputes that cannot be resolved by companies and their customers.

Then there are codes developed by governments imposed upon the industry, with a government agency in charge of administration. The Singapore code for internet content is one such example. Such codes may or may not have industry input but would be mandatory to the relevant sector.

And there are hybrids of the above two where codes are drawn up by trade associations in consultation with a government agency responsible for that area. Australia's code for regulating content developed by the Internet Industry Association is one such example. These codes may be used to regulate an entire sector, including those that are not members of the association. In general, experience shows that statutorily-backed codes have a better probability of compliance.

To be sure, there are “pure” self-regulatory codes that do not involve the government at all. These include codes of conduct and practice at the corporate as well industry level. As noted earlier, corporate codes can be credible if the public can hold companies accountable.

At the industry level, a good example would be advertising codes. In Australia, for example, the Advertising Standards Bureau (the “Bureau”) acts as a focus group on the tastefulness of nationwide television advertisements. There is nothing to stop an advertiser from running an advertisement that was given the thumbs down by the Bureau, but advertisers do not do it for fear of offending tastes.

The prevalence of advertising codes in many parts of the world may be attributable to a common problem: In advertising, it is possible for poor quality advertisements to tarnish the advertising

agencies. Consumers see only the advertisements, not the creators behind them. It, therefore, makes sense (for the advertisers as well who mind being laughed at) to impose minimum standards for the advertising industry. Only when advertisements mislead will consumer law come into play. Such instances of misleading advertisements are few and far between because a well-monitored, self-regulatory system will catch the offending advertisements.

Another example of a “pure” self-regulatory code is the one set up by European alcoholic beverage companies to discourage misuse of alcohol. This was aimed at pre-empting government regulations, which would likely have been much stricter.23 Such a code may be considered a voluntary initiative as there are no sanctions whatsoever. Presumably, peer pressure would be enough to reign in any company that breaches the code. In the US, the movie-rating scheme is a voluntary initiative, but the National Association of Theater Owners said its members will not show unrated movies.24

The success of initiated voluntary self-regulatory models requires that industry recognizes the need for a consistent set of “rules of the road.” Other requirements for effective self-regulation are discussed in the next section.

For the internet, a recent major study funded by the Bertelsmann Foundation25 divided codes regulating illegal and harmful content into three categories based on the proponents of the codes: industry, government or company. Table 4.2 shows the categories developed.

23 Amsterdam Group, Alcholic Beverages and European Society (London: The Amsterdam Group, 1993).

24 Stephen Balkam, “Content Ratings for the Internet and Recreational Software,” in Privacy and Self-Regulation in the Information Age (Washington, DC: National Telecommunications and Information Administration, 1997). See also (accessed February 16, 2001).

25 Eric Blinderman, Monroe Price and Stefaan Verhulst, “Codes of Conduct and Other Self-regulatory Documents: Emerging Patterns of Norm Formulation and Enforcement on the Internet,” (lecture, Codes of Conduct and Other Self-Regulatory Documents conference, June 2000).

Table 4.2 Typology of Codes
TypologyType of codeExamples
Model 1Industry association codesCAIP Code, French ISPA Code, German ISPA Code, Japanese TELESA Code, United Kingdom ISPA Code.
Model 2Government-endorsed codesAustralian IIA Code, Singapore Broadcasting Authority Code
Model 3Company terms of service agreementsAOL user agreement

The typology was developed by classifying existing codes. So in that sense, the typologies developed cover self-regulatory codes that relate to illegal and harmful content. But they are not comprehensive of all the self-regulatory schemes regarding all content. For example, self-regulatory privacy schemes such as Trust-e are missing. Also, absent is the self-labeling scheme under the Internet Content Rating Association (ICRA), which could be used to label content deemed to be harmful to minors.


The range of self-regulatory instruments suggests that the grounds for success vary depending on the context in which the regulation was formulated. So the following examples should be treated with some caution. For the consumer movement, the Australian Consumers' Association, reporting to an Australian Taskforce in Industry Self-Regulation (the “Taskforce”), observed that self-regulation works best when the following elements are present:26

26 Australian Consumers' Association, Submission to the Taskforce in Industry Self-Regulation, in December 13, 1999. Self-Regulation/Submissions/016.pdf (accessed February 17, 2001).

  • Motivated industry. This may arise through the use of a carrot, such as the opportunity to differentiate a company by adhering to the code. Or it may arise through the use of a stick such as industry, media or consumer pressure.
  • A small number of large players (banking or insurance) as opposed to a large number of small players (financial planning).
  • A government regulatory backstop.
  • Maturity in the market. Voluntary self-regulation can have little effect where companies are not prepared to participate.

The Taskforce itself concluded (1999:50) that self-regulation works best when, among other things:

  • there are clearly defined problems but no high risk of serious or widespread harm to consumers, so that the failure of self-regulation does not result in great damage;
  • there is an active and cohesive industry association that embraces the industry so that enforcement is easier; and
  • the industry is competitive in that being a signatory to a code differentiates one company from another.

Other studies have found that self-regulation will work well so long as the group of agents exerting the self-regulatory power is relatively small and cohesive. Self-regulation of the professions works because the members are entering into a high-income group through compulsory membership.27 Offenders may lose their membership and their means of earning a high income.

Various studies come to the same conclusion (although for different reasons): Self-regulation is more difficult and less effective when it

27 Roger van den Berg, “Self-Regulation of the Medical and Legal Profession,” in Organized Interests and Self-Regulation: An Economic Approach, eds., Bernaerdo Bortolotti and Gianluca Fiorentini, 89-130 (Oxford: Oxford University Press, 1999).

involves a large and heterogeneous group of agents.28 To reduce the heterogeneity and increase the likelihood of success, self-regulatory codes concerning the internet therefore should target interested parties.

Scarpa29 also recommended that the ideal self-regulatory regime would first have a financially-strong industry, as a struggling industry is more likely to cut corners in its attempt to survive. Second, the code must be developed by the industry. This helps the buy-in process and also ensures that the rules developed are well thought-out. Third, the code should have multiple levels for handling disputes. This is only sensible as industry players cannot be expected to determine every minor dispute that crops up. Only the larger, more contentious issues should filter up to the relevant board for decision. Finally, to be most effective, the code should be backed up by law.

In sum, there are some characteristics of the net that seem suited for self-regulation and others that are not. Among the characteristics that favor self-regulation are:

  • the competitive nature of enterprises on the net and
  • the presence of clear problems that do not pose a high risk or serious harm to consumers in the event of failure of self-regulation. Many of the problems faced on the net do not cause widespread harm. Where they do, such as child pornography and consumer fraud, police action must be mounted.

The characteristics that do not favor self-regulation are:

  • an industry still in infancy;
  • heterogeneity of industry players;
  • the absence of any cohesive industry association; and

28 Carlo Scarpa, “The Theory of Quality Regulation and Self-Regulation,” in Organized Interests and Self-Regulation: An Economic Approach, eds., Bernaerdo Bortolotti and Gianluca Fiorentini, 236-60 (Oxford: Oxford University Press, 1999).

29 Ibid.

  • an industry generally disinclined towards any form of regulation, including self-regulation.

The arguments against self-regulation may be mitigated by, for example, having codes that target specific industry sectors.

The final point above of an unmotivated industry is worth noting. During the course of research for this book, the author found that ironically, ISPs were more likely to have privacy policies than AUPs on their websites. The preference for privacy policies may be due to the publicity that privacy has had as well as the threat of government legislation, particularly in the US. The absence of AUPs, which actually function as a shield favoring the ISPs, is disturbing. Perhaps the AUPs were bundled with the paperwork a subscriber must complete when signing up, and thus acts as a deterrent, or perhaps their absence may suggest that the industry only does the minimum required to protect privacy.


As should be evident from above, self-regulation can work to avoid, anticipate, supplement or implement legislation. Self-regulation has its advantages over government legislation, but it has its pitfalls as well.


Any report or text covering self-regulation can enumerate a list of advantages and disadvantages. The following report by the European Union (EU) on self-regulation in ecommerce30 is one of them:

30 European Union, “Parliament/Industry Group Concerned with the Politics of the Information Society, The Role of Self-Regulation in Electronic Commerce,” EURIM Briefing No. 25, March 1999. (accessed February 17, 2001).

Self-regulation has a number of potential advantages. In particular:

  1. it is dynamic, being able to evolve according to need;
  2. it is adaptable, being less tightly constrained than legislation;
  3. it is faster to implement than legislation;
  4. it can be sector-specific based on common underlying principles;
  5. it can apply to a global community across national jurisdictions;
  6. it is easier to enforce within the “club”;
  7. industry involvement may make self-regulation more relevant;
  8. it can respond to market forces;
  9. the burden of cost falls on those with commercial interests and saves government spending.

Conceptually at least, the advantages above are real. However, in his study on privacy and self-regulation, Swire discusses in detail the oft-cited advantages and advises caution; the advantages do vary by context and circumstance.31 For example, the incentive to enhance industry reputation would be the strongest where the consumer may not be able to identify the offending company and thus would paint the industry with a broad brush. This applies in advertising—consumers cannot easily tell which advertising agency created an advertisement—but not necessarily elsewhere.

Also, it is usually taken for granted that the cost of self-regulation is lower than government regulation. This seems logical as government legislation requires the input of lawyers. Nevertheless, as far as the author knows, there has been no empirical study on the cost of self-regulation versus government regulation.

31 P. Swire, “Privacy and Self-Regulation in the Information Age,” 1997, US Department of Commerce. (accessed January 31, 2001).

In practice, the advantages depend on those enforcing the code. For example, it is not necessarily the case that self-regulation automatically means faster implementation (point(3)). As Price and Verhulst32 have pointed out, a self-regulatory code is less democratic than government legislation because there is less room for public debate and pressure. The author has been involved with a self-regulatory effort where the final draft to update the almost thirty-year-old code had been in the drawers for four years. Also because costs do fall on the industry (point (9)), it may be reluctant to enforce the standards hoped for or promised.

There is one other advantage that is often missing from the literature: the notion of dispute avoidance33 where the idea is to avoid the escalation of a complaint into an issue that must be solved through the legal process. A self-regulatory regime, with multiple layers of dispute resolution, can defuse the tension and reduce the costs of handling such complaints. So where companies see the cost-effectiveness of this method of dispute resolution, they are also likely to support and enforce the self-regulatory code.


The same EU report34 cites an equal number of disadvantages of self-regulation:

32 Monroe Price and Stefaan Verhulst, “Toward a Model Code of Conduct on the Internet” (lecture, Codes of Conduct and Other Self-Regulatory Documents conference, June 2000).

33 This is based on the author's visit in May 2000 to Australia and New Zealand as part of a study group looking into self-regulation for consumer protection in Singapore.

34 European Union, “The Role of Self-Regulation.”

  1. the problem of enforcement if there is no statutory backing;
  2. unless participation is obligatory, regulatory measures affect only those disinclined to flout the rules;
  3. the regulated “self” may not be accountable to any independent body;
  4. procedures can fall short of standards that would be set by courts (for example, for civil liberties);
  5. the burden of the costs of regulation may discourage participants and thus fall on the consumer;
  6. inconsistencies between groups are possible;
  7. levels of intent may vary;
  8. failure to secure acceptance due to inadequate consumer involvement;
  9. procedures can be used to harm competitors and create barriers to entry into markets.

The major disadvantage is enforcement (point(1)). There needs to be incentives to monitor and enforce standards, and self-regulatory regimes without statutory backing are, in general, weak. Traditionally, the lack of enforcement and redress are weaknesses in self-regulation. It is possible that with the internet, some of the traditional weaknesses may be minimized. For example, information flows faster on the internet and so can bring the offender into disrepute. Even informal sanctions can be enough to spur cooperation and thereby deter offenders.35 Nevertheless, it should be recognized that the problem of enforcement is a part of any self-regulatory mechanism. This weakness needs to be taken seriously because without adequate sanctions, the self-regulatory effort will fail.

Another disadvantage is that self-regulation is perceived as never going against the interests of the (self-)regulator. Fletcher's economic analysis36 argues that the rational self-regulator will not rule against itself. This is debatable but the trick lies in the definition of “rational.” It is possible for the self-regulator to vote against itself if the long-term benefits of being regulated by the code outweigh the short-term loss.

35 Ernst Fehr and Simon Gächter, “Cooperation and Punishment in Public Goods Experiments,” American Economic Review 90(4) (2000): 980-94.

36 Fletcher, “Theories of Self-Regulation.”

Having been involved for several years in a self-regulatory regime in Singapore, this author can state that the issue of self-interest crops up less frequently than might be perceived. The author has voted in favor of business just as business representatives have voted against their own interests for the consumer. Nevertheless, the public perception of the self-interested self-regulator is difficult to shake.

Other disadvantages are less severe. There is always a concern that self-regulatory codes could build cartels, as has happened in other industries such as shipping.37 Arguably, such cartels lend stability to the industry, but they also confer monopoly power on the “self” and so result in higher rates imposed on consumers. Indeed, self-regulation by the professions, especially legal and medical, may excessively restrain competition without corresponding benefit to the public. Such an issue is unlikely to arise where the internet is concerned. In any case, a sensibly-designed industry code is unlikely to give rise to anti-trust problems.38


Preventing Abuse of Self-regulation

If self-regulation is to be the prime means of regulating the internet and its content in particular, there are several problems that will have to be faced.

37 Daniel Marx, International Shipping Cartels: A Study of Industrial Self-Regulation by Shipping Conferences (Princeton, NJ: Princeton University Press, 1953).

38 Joseph Kattan and Carl Shapiro, “Privacy, Self-Regulation and Anti-Trust,” NTIA Privacy Report, Chapter 2, 1997. (accessed February 17, 2001).

First, the code must not create a cartel. Competition laws should apply and there should be minimal, if any, barriers to new entrants. At this point, it is highly improbable that any net code will lead to the formation of a cartel.

Second, depending on how they are implemented, codes can give rise to the free-rider problem, where those who do not foot part of the cost of self-regulation nevertheless reap the benefits. An example would be where membership is required as part of the self-regulatory process. Non-members might claim to have the same level of protection for the consumer as members but, because they do not have to pay their dues, are then able to pass on the savings to customers. In the offline world, governments sometimes get around this by making compliance mandatory. On the net, a common device is to exempt code-compliers from liability. In both cases, some government regulation is needed.

An alternative answer to the problem of free-riders is to develop the code around the expectation that there will not be one hundred percent compliance. This in fact is the recommendation of the ILPF.

Third, an industry association code typically uses expulsion as a sanction against a recalcitrant member. This raises the issue of whether membership is sufficient incentive for compliance with the code.

Objections by US Civil Liberties Pressure Groups

In any regulations regarding the internet, American presence on the net cannot be ignored. Many US civil liberties groups are against government regulation in principle. A number of them are uncomfortable with self-regulation because traditionally, self-regulation requires the backing of government legislation to be effective.

Another concern is regulatory slide, where the code becomes hardened into law, thereby losing some of the original advantages of

having a code in the first place. There have been several such incidents in American legal history. The civil libertarian approach would, therefore, be to adopt best practices rather than codes.39

The hardening of code into law is not a universal phenomenon. Nevertheless, given the strong libertarian leanings of the net community, the objection underscores the point that government legislation should be kept to a minimum.


Given the difficulties of self-regulation, one suggestion has been to explore ways of combining various regulatory mechanisms using a “best of breed” combination. The then vice-president and general counsel of AOL-Bertelsmann Europe, David Phillips, recommended that there should be voluntary initiatives to promote competition (thereby using market discipline) and transparency, narrowly-tailored government regulation and self-regulation with legislative, enforcement and judiciary components.40 The idea is to maintain flexibility in regulation.

Phillips' recommendation of using the right regulatory instrument according to the regulatory objective is probably the most ideal. But it does add an additional layer of complexity in that one must work out the strengths and weaknesses of each instrument before picking the best.

A more likely method is to adopt a regulatory approach that one is comfortable with and make the necessary adjustments. Hence, the ILPF, favoring minimal government intervention, suggested a

39 Alan Davidson, Comments, Workshop on Self-Regulation of Internet Content (Hanover, Germany, June 2000).

40 David W. Phillips, “Self-Regulation: What are We Regulating?” in Internet Content Self-Regulation, BIAC/OECD Forum (Paris, France, March 1998).

framework within which any proposals for further regulation of the internet can be evaluated. In its submission to the Organization for Economic Cooperation and Development (OECD), it proposed that, before any government regulation is adopted, it should be demonstrated that:

  • the rule is necessary and alternative means (such as self-regulation) are not available or desirable;
  • the rule is capable of achieving the desired goal in light of changing technology; and
  • the rule is the minimum constraint with the least effect on global communications and commerce.41

Sieber suggests an internationally-agreed standard that defines what is illegal and the formation of “[a]n international network of official or private bodies” that will “then ensure that the content established as criminal content in one country is made known and thus deleted in all other countries.”42 If such an agreement can be achieved, then the procedures for giving notice and taking down offending material become a formality. Until then, there is scope for self-regulation, especially for procedural matters. The idea of being open to all modes of regulation is worth keeping in mind. This avoids what economists call the “Nirvana fallacy”—the idea that there is a perfect institutional arrangement that will solve all problems.

41 Internet Law and Policy Forum, “Observations on the State of Self-Regulation of the Internet,” in A Borderless World: Realizing the Potential for Global Electronic Commerce, Ministerial Conference of the Organization for Economic Cooperation and Development (OECD) (Ottowa, Canada, October 1998).

42 Ulrich Sieber, “Control Possibilities for the Prevention of Criminal Content in Computer Networks, Part III,” Computer Law and Security 15(3) (1999): 178, 179.


Self-regulation, while costing less, requires financing. There are direct business costs in training staff to comply with the code or policy. At the industry level, there are administration costs. Overall, however, the costs of compliance should be minimal, compared with government regulation. For example, the US Children's Online Privacy Protection Act, which came into effect in April 2000, forced some sites to close sections that catered to children because of compliance costs.43 The industry could not agree on a code to protect children's privacy even after the US Federal Trade Commission had given it four one-year extensions from 1996. Elsewhere, codes have caused businesses to close but usually these are marginal businesses.44

In abiding by the code, compliant businesses are perceived to offer better quality products and services. It should be noted that in the early days of codes, there are likely to be more complaints as the consumers become more educated. Over time, as both businesses and consumers are better informed, the number of complaints should decline.


On balance, self-regulation of the internet is experimental. Up till now, it is assumed that governments have first-hand information and know-how before industry, which is unlikely given the rate at which technology changes. Industry has the best access to information it

43 “Net Privacy Law Costs Children's Sites,” USA Today, September 14, 2000. (accessed January 31, 2001).

44 On an Australia visit, the author learnt of furnishing companies forced to close because they could not comply with the National Furnishing Association industry code. Consumers were apparently not upset as the industry had developed a bad name.

needs for action at the lowest cost, and industry is best able to determine the necessary quality and standards required and the likely outcome of various courses of action taken.

Secondly, as self-regulation is less formal and more flexible, it is less likely to stifle innovation. If rules need to be altered to suit changed circumstances, it can be done faster.

Self-regulation is not static. It requires some patience as the law has to evolve to keep pace with both technology as well as the wiles of its more canny users.

It should be noted, as Swire45 has pointed out, that these advantages are not automatically attached to self-regulation. They need to be seized and acted upon.

45 Swire, “Privacy and Self-Regulation in the Information Age.”

About this article

The Possibilities and Limits of Self-regulation

Updated About content Print Article