Colin J. Bennett

The lessons of learning: Reconciling theories of policy learning and policy change

Several different explanations of policy change based on notions of learning have emerged in the policy literature to challenge conventional conflict-oriented theories. These include notions of ‘political-learning’ developed by Heclo, ‘policy-oriented learning’ developed by Sabatier, ‘lesson-drawing’ analyzed by Rose, ‘social learning’ discussed by Hall and ‘government learning’ identified by Etheredge. These different concepts identify different actors and different effects with each different type of learning. Some elements of these theories are compatible, while others are not. This article examines each approach in terms of who learns, what they learn, and the effects of learning on subsequent policies. The conclusion is that three distinct types of learning have often been incorrectly juxtaposed. Certain conceptual, theoretical and methodological difficulties attend any attempt to attribute policy change to policy learning, but this does not detract from the important reorientation of policy analysis that this approach represents.

Understanding Ripple Effects: The Cross–National Adoption of Policy Instruments for Bureaucratic Accountability

This article examines different explanations for the cross–national diffusion of three recent innovations in bureaucratic accountability—the institution of the ombudsman, freedom of information legislation and data protection (information privacy) law. The first two explanations are based on the assumption that these innovations are by–products of modernization, either the growth of the state or democratization. The third assumes that policy is shaped through processes of international communication. A combination of methodologies is employed to conclude that while the growth of government and liberal democratic values are necessary conditions for the adoption of all three policy instruments, they are not sufficient conditions. The pattern of adoption observed is best explained by examining how evidence about these respective policies flows from adopting states to non–adopters. In the case of the ombudsman, this process can be characterized as one of lesson–drawing; for freedom of information, evidence is used for legitimation purposes; for data protection, the diffusion is attributable to harmonization through international organizations. Policy transfer is hence a multi–faceted concept that embraces a number of distinct processes of transnational learning and communication.

How States Utilize Foreign Evidence

This article examines how evidence about Program A in Country A may be utilized in Country B, and thus how utilization may explain the adoption of the same program. Elites and activists have a number of interests in using policy evidence from another country: to put an issue to a systemic or institutional agenda, mollify political pressure, provide an exemplar, indicate the range of options or reinforce conclusions already reached. The interests of the importer dictate the nature, timing and origins of the evidence injected into policy debate. This framework is applied to the case of freedom of information policy. An analysis of how and why evidence about the United States Freedom of Information Act (FOIA) was utilized in Canada and Britain reveals that FOIA was used as an exemplar in Canada and the reverse in Britain.

Visions of Privacy: Policy Choices for the Digital Age

From the Publisher: What kind of privacy future are we facing? In Visions of Privacy: Policy Choices for the Digital Age, some of the most prominent international theorists and practitioners in the field explore the impact of evolving technology on private citizens. The authors critically probe legal, social, political, and economic issues, as each answers the question: How can we develop privacy solutions equal to the surveillance challenges of the future?

Cookies, web bugs, webcams and cue cats: Patterns of surveillance on the world wide web

This article addresses the question of whetherpersonal surveillance on the world wide web isdifferent in nature and intensity from that inthe offline world. The article presents aprofile of the ways in which privacy problemswere framed and addressed in the 1970s and1990s. Based on an analysis of privacy newsstories from 1999–2000, it then presents atypology of the kinds of surveillance practicesthat have emerged as a result of Internetcommunications. Five practices are discussedand illustrated: surveillance by glitch,surveillance by default, surveillance bydesign, surveillance by possession, andsurveillance by subject. The article offerssome tentative conclusions about theprogressive latency of tracking devices, aboutthe complexity created by multi-sourcing, aboutthe robustness of clickstream data, and aboutthe erosion of the distinction between themonitor and the monitored. These trendsemphasize the need to reject analysis thatframes our understanding of Internetsurveillance in terms of its “impact” onsociety. Rather the Internet should beregarded as a “form of life” whose evolvingstructure becomes embedded in humanconsciousness and social practice, and whosearchitecture embodies an inherent valence thatis gradually shifting away from the assumptionsof anonymity upon which the Internet wasoriginally designed.

Privacy Advocacy from the Inside and the Outside: Implications for the Politics of Personal Data Protection in Networked Societies

Abstract For the most part, privacy and data protection laws arose not through grassroots pressure but through interactions between governmental and business elites in the context of broader international harmonization efforts. Thus, civil society activists have rarely been seen as a client constituency with equivalent weight to governmental and business interests. There is evidence, however, that the privacy advocacy network is becoming more influential in comparative context. In most countries, a network of advocates has emerged with a relatively distinct profile from the “official” data protection authorities. Individual advocates play several conflicting roles and often exist within groups with wider civil liberties, human rights, digital rights, or consumer interests. Those at the center of the privacy advocacy network possess a set of core beliefs about the importance of privacy, and as one passes to the outer edges the issue becomes more and more peripheral. Privacy advocacy is beginning to occur from both the inside, and the outside, representing an important shift in the evolution of privacy protection policy both nationally and internationally, and producing difficult tensions between the two networks.

Privacy, surveillance, and the democratic potential of the social web

This chapter argues that theories about privacy would benefit from embracing deliberative democratic theory on the grounds that it addresses harms to democracy, and widens our understandings of privacy infringements in social networking environments. We fi rst explore how social networking services (SNS) have evolved through diff erent phases and how they enable political deliberation. Subsequently, we discuss more traditional individualistic and intersubjective theories of privacy in relation to social networking and point out their limitations in identifying and redressing social networking-related harms. We then critique emerging claims concerning the social value of privacy in the context of the social Web. Here we point out how these theories might identify non-individualized harms, yet, at the same time, suff er important challenges in application. We conclude by arguing that deliberative democratic theory can add some critical insights into the privacy harms encountered on the contemporary “social Web” that are only imperfectly understood by individualistic and social conceptions of privacy

Privacy Impact Assessments in Canada

Over the last 20 years or so, a range of new policy instruments has entered the “toolbox” of those regulators charged with implementing and enforcing information privacy and data protection policy. During the earlier history of these policies, it was generally assumed that law alone, codifying the information privacy principles and establishing independent oversight, would be both necessary and sufficient to regulate the collection, use and dissemination of personal data by organisations. The assumptions have shifted. Now, it is generally assumed that law is necessary, but not sufficient.

The State of Privacy in the Canadian State: Fallout from 9/11

The literature on privacy and surveillance is rich and varied. Scholars, journalists, practitioners, and others from many nations have analysed the causes and consequences of the excessive collection and processing of personal information, and debated the merits of a range of legal, selfregulatory and technological solutions (Bennett and Grant, 1999). With few exceptions, most of this literature would share the following four assumptions: 1) privacy is an individual right; 2) privacy is something that we once had but is now eroding; 3) the privacy problem arises from structural and organisational forces that together reduce the ability of individuals to control the circulation of their information; and, 4) the organisations that are responsible for privacy invasion can be observed, resisted and regulated because they are subject to the laws of discrete and bounded liberal democratic states. These assumptions constitute the ‘privacy paradigm’ (Bennett and Raab, 2003). In contemporary circumstances, each of these assumptions can be questioned. Privacy protection can be regarded as a social value as much as it is an individual one (Regan, 1995). To argue that privacy is vanishing, eroding, dying and so on (e.g. Whitaker, 1999; Rosen, 2000), assumes that antecedent agricultural and industrial societies offered higher ‘‘levels’’ of privacy than conditions in current post-industrial societies, an assumption which is highly problematic. The sources of privacy invasions are also complex. The picture of an embattled individual trying to stem the tide of surveillance flowing from a range of impersonal and invulnerable structural forces makes good rhetoric for the privacy cause, but it distorts reality and oversimplifies social and political analysis. Privacy problems arise from a complex interplay of structure and agency. They occur when technologies work and when they fail, when humans have worthy motives and when they do not. However, the subject matter of this article most closely relates to the last assumption. The privacy paradigm tends to be state-centric in two different senses. First, the right to privacy is generally regarded as a benefit of state citizenship. This right is conferred on us by virtue of our national identities, be they Dutch, American, British, Canadian, or any other. The privacy and data protection laws, which provide us with certain guarantees about our personal information, reflect some essential principles of liberal democracy that are either enshrined in constitutions (such as in the US Fourth Amendment) or deeply embedded in the cultural and historical experiences of different societies. Second, contemporary discourse and policy prescriptions are generally dictated by a paradigm which suggests that our personal information still tends to be held within organisations that are easily identifiable and that operate within the boundaries of modern territorial states. It is not simply that the forces of globalisation have necessitated harmonised international solutions to the privacy problem; the growing policy interdependence has caused a proliferation in the number of transnational actors, and a progressive frequency and regularity of networking opportunities. It might be assumed that this transnational policy-making has caused a concomitant reduction in state sovereignty. The question is not, any more, whether data protection policy should be made at the international or the national governmental levels; data protection policy is, and must be, made at both levels. Rather, the question is how national and international regimes interact to respond to an inherently transnational policy problem caused by a global economy. Privacy is a global problem, and it is being addressed through a repertoire of policy instruments that also know few attachments to traditional conceptions of legal and territorial sovereignties (Bennett and Raab, 2003). This article charts the Canadian policy responses to the acts of terrorism on 11 September 2001. In brief, we argue that before 11 September, Canadian privacy protection policy had diverged in some significant ways with that of the United States. Policy developments were very much driven by international pressures, but from Department of Political Science, University of Victoria, Victoria, B.C., V8W 3P5, Canada *E-mail: cjb@uvic.ca **E-mail: martian@uvic.ca

Revisiting the Governance of Privacy

In the early 2000s, we surveyed and analyzed the global repertoire of policy instruments deployed to protect personal data in “The Governance of Privacy: Policy Instruments in Global Perspective.�? In this article, we explore how those instruments have changed as a result of 15 years of fundamental transformations in information technologies, and the new digital economy that they have brought in their wake. We review the contemporary range of transnational, regulatory, self-regulatory and technical instruments according to the same framework, and conclude that the types of policy instrument have remained relatively stable, even though they are now deployed on a global scale, rather than in association with particular national legal and administrative traditions. While the labels remain the same, however, the conceptual foundations for their legitimation and justification are shifting as a greater emphasis on accountability, risk, ethics and the social/political value of privacy have gained purchase in the policy community. Our exercise in self-reflection demonstrates both continuity and change within the governance of privacy, and displays how we would have tackled the same research project today. As a broader case study of regulation, it also highlights the importance of going beyond the technical and instrumental labels. The change or stability of policy instruments do not take place in isolation from the wider conceptualizations that shape their meaning, purpose and effect.