Harsher data protection sanctions are coming [but will they matter?]


I regularly hear people claim that there’s not enough legal enforcement of privacy. In some places, as a matter of practice, that may well be true. But there is no shortage of overlapping authorities with the power to bring or adjudicate privacy claims. Curiously, in privacy circles, most of the focus is on the enforcement actions of the DPAs. But in practice, the DPAs are just one of many different authorities who can and do bring privacy enforcement actions. And the trend is clearly going up, both in terms of the numbers of laws that can be violated, in terms of the severity of sanctions, in terms of the numbers of complaints that are brought, and in terms of the breadth of authorities who are involved in enforcing privacy.

Fleischer is Google’s chief privacy counsel, so he’s got a pretty good eye for what’s coming at Google (and other large data collectors and processors). I wonder, however, about the actual effectiveness of the legal challenges he refers to: Canada’s privacy law didn’t stop Streetview from coming into Canada but instead mediated some of its most invasive characteristics. Similar things can be said about powerful network surveillance apparatuses that are deployed by Canadian ISPs. My worry is less that large companies will be whacked with large fines, but that the regulation will serve to legitimize a lot of practices that legally are acceptable without being according with our social norms.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close