Regulators have done a lot of talking about online privacy this year. The Obama administration has called for legislation that would provide a consumer bill of rights for online privacy, and wants the Federal Trade Commission (FTC) to have enforcement powers. Recently the FTC proposed new rules of its own that would prohibit online companies from using behavior-targeting techniques on children under 13 years of age without parental consent.

So what does all this mean for online businesses? New privacy regulation would likely prompt online operators to charge more for services and create new charges for services that they now offer for free. However, online operators can avoid this by providing greater self-regulation on their own.

Consider the fallout for Facebook Inc. when it failed to provide notice and attain consent when it decided to track all of its users’ online activity to deliver targeted advertising. Facebook users waged an online protest, major advertising and partner agreements were lost, and calls for online privacy rules were sounded. All of that could have been avoided by more responsible business practices, and without government regulation.

When customers lose trust, businesses lose customers. This adage dates back to the early 20th century, when product manufacturers were relying on national advertising, which provided more opportunity for false or exaggerated claims that eroded public trust. Producers of brand-name goods propounded the “rotten apple theory” in which a few false and misleading ads ruined the reputation of all national advertisers. In this case, it was businesses that called for advertising regulations.

With online privacy, we might need a more balanced approach between industry self-regulation and government facilitation. A good example is the safe-harbor agreement between the United States and the European Union (EU). This came after the EU issued a directive in 1995 stating that it would no longer allow the transfer of Europeans’ personal data to outside countries unless those countries abided by EU standards for online privacy. Suffice it to say that U.S. standards for online privacy were far below those of the European community, and without some kind of agreement, there would be a disruption of e-commerce.

Rather than calling for an omnibus online privacy law that would bring the United States in line with European standards, the Clinton administration in 2000 negotiated an agreement with the European Union that allowed U.S. e-businesses to voluntarily and individually self-certify that they would comply with EU online privacy standards. If U.S. e-businesses wanted access to EU markets, they had to instill an adequate level of trust.

Today’s online businesses should take note: If business does more, government will do less.

Jeff Blevins is an associate professor in the Greenlee School of Journalism and Communication at Iowa State University.