Privacy codes aim at protecting individuals' interests in the treatment of data on themselves held by institutions. One can distinguish between procedural and strategic principles underlying these codes. The former aim at shaping treatment of personal information, once compiled within data systems; the latter aim at limiting and dispersing personal information from the start. A historical view of the workings of these two principles gives more reasons for optimism in the case of strategic measures. In contrast, procedural restrictions on access to personal information are evidently subject to erosion and reversal with changes in larger political climates.