provide scope for self-regulation by data users as a complement to state control. In Germany, companies must appoint officials charged with implementing compliance with data protection regulations within the firm.
In many countries, sectors of data users, such as the direct marketing industry, the police, or health care providers, have formulated codes of practice in order to tailor the regulation of information practices to the specific characteristics of the sector. In The Netherlands, such codes can receive official approval by the Registration Chamber-the statutory regulatory body-as conforming to the legal regime, whereas in the United Kingdom they play a less formal, but still important role in the data protection system. There have been developments in Canada toward the creation of a model code that could serve as a formal, publicized standard with specifications to which users of personal data should adhere if they wish such accreditation. Self-regulation is still in a developmental state, and its effects-perhaps especially its articulation with statutory requirements and state regulation-remain to be evaluated. However, it is likely to become a prominent mode of data protection, insofar as it also accords with trends in management and public administration away from top-down controls and towards decentralized forms of governance and steering. By fixing responsibility and accountability at lower levels, self-regulation might promote learning, awareness, and monitoring of the impact of information systems on privacy among a variety of data users. It might also improve the application of general rules to the specific and diverse requirements of different industries or public agencies where personal data are used.
In addition to state regulation and data users' self-regulatory adherence to codes, it is considered that data protection might also be assisted by technology itself as used directly by individuals. "Smart cards" and certain kinds of encryption can provide ways of protecting privacy in a wide range of transactions in which goods, services, and state benefits are obtained, by increasing the individual's control of the flow of personal information, by making transactions anonymous, or by helping to confine the data to the purpose for which it was gathered. Given the many advantages accruing to organizations through their ability to use advanced information and communications technologies in providing public services or goods, such privacy technologies, when incorporated in the design of equipment and information systems at an early stage, are likely to play an important part in data protection. The widespread adoption of partial solutions of this kind are likely to alter the configuration of data protection strategies, roles, and institutions as a whole, as well as to throw a new light on the underlying philosophy that has long motivated the policy and implementation of privacy protection.
CHARLES D. RAAB
Beniger, James R., 1986. The Control Revolution: Technological and Economic Origins of the Information Society. Cambridge, MA: Harvard University Press.
Bennett, Colin J., 1992. Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Ithaca and London: Cornell University Press.
Burkert, Herbert, 1981. "Institutions of Data Protection -- An Attempt at a Functional Explanation of European National Data Protection Laws". Computer/Law Journal, 3:167-188.
Flaherty, David H., 1989. Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada, and the United States. Chapel Hill, NC: University of North Carolina Press.
Raab, Charles D., 1993. "The Governance of Data Protection". In Jan Koolman, ed., Modern Governance: New GovernmentSociety Interactions. London, Newbury Park and New Delhi: Sage Publications, pp. 89-103.
Simitis, Spiros, 1987. "Reviewing Privacy in an Information Society". University of Pennsylvania Law Review, 135:707-746.
Simmel, Arnold, 1968. "Privacy". In David L. Sills, ed., International Encyclopedia of the Social Sciences. London: Collier- Macmillan Publishers, vol. 11, pp. 480-487.
Taylor, John A. and Howard Williams, 1991. "Public Administration and the Information Polity". Public Administration, vol. 69 (Summer) 171-190.
U.S. Congress, Office of Technology Assessment, 1986. Federal Government Information Technology: Electronic Record Systems and Individual Privacy, OTA-CIT-296. Washington, D.C.: U.S. Government Printing Office.
Warren, Samuel D. and Louis D. Brandeis, 1890. "The Right to Privacy". Harvard Law Review, vol. 4:193-220.
Westin, Alan F., 1967. Privacy and Freedom. New York: Atheneum.
DE FACTO (AND DE JURE). In reality or in fact, as in actual authority, but not necessarily "a matter of law" or legal authority. De facto is an accidental result which ensues from individual or governmental decisions made without any purpose or intent to cause the result. De jure (by legitimate, legal right, or authority; as a matter of law) is an intentional result ensuing from individual or governmental action or inaction.
The most often cited example of a de jure result is school segregation in many areas of the United States. During the nineteenth century, many U.S. states adopted "separate but equal facilities" legislation. This legislation dictated that separate, but equal, facilities would be established so that blacks and whites would be separated in public accommodations, restaurants, restroom facilities, hospitals, public housing, and so forth. Many states enacted statutes or state constitutional amendments that required that blacks and whites would be educated in separate facilities so as to avoid a mixing of the races in educational institutions. For decades, separate institutions were operated and no mixing of the races occurred. This is a classic example of an intentional result ensuing from governmental action.