Co-Regulatory, Self-Regulatory, and Technology Models
Co-regulation (e.g., Australia; U.S. COPPA codes approved by the FTC) pairs industry codes with government law. Self-regulation (e.g., PCI DSS, seal programs) needs no general law. A technology model (e.g., encryption) reduces reliance on administrative measures.
Co-regulation (e.g., Australia, closer to comprehensive) emphasizes industry-developed enforceable codes against the backdrop of government law. A U.S. example is COPPA, where FTC-approved codes can satisfy the statute.
Self-regulation (e.g., the U.S.) creates codes of practice with no generally applicable data protection law behind them. A prominent example is PCI DSS for credit card data, and seal programs are another form.
Co-regulation vs. self-regulation

| Model | Relation to government law | Example |
| --- | --- | --- |
| Co-regulatory | Industry codes backed by government legal requirements | COPPA codes approved by the FTC; Australia |
| Self-regulatory | Codes may exist with no general data protection law | PCI DSS; seal programs |
⚠️ Self-regulation criticisms
Critics worry about adequacy and enforcement: industry codes may under-protect consumers, and penalties or enforcement authority can be weak. A technology-based model (e.g., provider encryption) can reduce reliance on administrative measures.
Key terms - quick answers
What is the “Co-regulatory model”?
An approach emphasizing industry-developed enforceable codes against a backdrop of government legal requirements; e.g., COPPA codes approved by the FTC.
What is the “Self-regulatory model”?
An approach where companies, industries, or independent bodies create codes of practice, often without a generally applicable data protection law; e.g., PCI DSS.
What is “PCI DSS”?
The global Payment Card Industry Data Security Standard, a self-regulatory standard for businesses processing credit card data.
What are “Seal programs”?
A form of self-regulation requiring participants to follow codes and submit to monitoring, then display a privacy seal; FTC-recognized COPPA seals include CARU, ESRB, iKeepSafe, kidSAFE, PRIVO, and TrustArc.