The European approach to privacy is based on the recognition of privacy as a fundamental human
right that requires strong legal protection and oversight. The EU has adopted comprehensive and
binding privacy laws, such as the General Data Protection Regulation (GDPR) and the ePrivacy
Directive, that apply to all sectors and activities involving personal data. The EU also has independent
data protection authorities (DPAs) that monitor and enforce compliance with the privacy laws, and a
European Data Protection Board (EDPB) that issues guidance and opinions on privacy matters. The
EU also requires adequate levels of privacy protection for personal data transferred to third countries
or international organizations.
In contrast, the U.S. approach to privacy is based on a sectoral and self-regulatory model that relies
on a combination of federal and state laws, industry codes of conduct, consumer education, and
market forces. The U.S. does not have a single, comprehensive, and enforceable federal privacy law
that covers all sectors and activities involving personal data. Instead, the U.S. has a patchwork of
federal and state laws that address specific issues or sectors, such as health, financial, children’s, and
electronic communications privacy. Jurisdiction over privacy matters is shared among various federal
and state agencies, such as the Federal Trade Commission (FTC), the Federal Communications
Commission (FCC), and the Department of Health and Human Services (HHS). The U.S. further relies
on self-regulation by industries that develop and adhere to voluntary codes of conduct, standards,
and best practices for privacy. Finally, the U.S. allows personal data to be transferred to third
countries or international organizations without requiring adequate levels of privacy protection, as
long as the data subjects have given their consent or the transfer is covered by a mechanism such as
the Privacy Shield or the Standard Contractual Clauses.
Some supporters of the European approach to privacy are skeptical about self-regulation of privacy
practices because they believe that self-regulation is not effective, consistent, or accountable enough
to protect the rights and interests of data subjects. They argue that self-regulation may not provide
sufficient incentives or sanctions for industries to comply with privacy rules, or to adopt privacy-
enhancing technologies and practices. They also contend that self-regulation may not reflect the
views and expectations of data subjects, or address the emerging and complex privacy challenges
posed by new technologies and business models. They also question the transparency and legitimacy
of self-regulation, and the ability of data subjects to exercise their rights and seek redress for privacy
violations.
Reference:
IAPP CIPP/US Study Guide, Chapter 1: Introduction to the U.S. Privacy Environment, pp. 9-10, 16-17
IAPP website, CIPP/US Certification
NICCS website, Certified Information Privacy Professional/United States (CIPP/US) Training