Narrowing Data Protection's Enforcement Gap

59 Pages Posted: 22 Mar 2021 Last revised: 11 May 2021

See all articles by Filippo Lancieri

Filippo Lancieri

University of Chicago, Law School; Stigler Center

Date Written: May 10, 2021

Abstract

The rise of data protection laws is one of the most profound legal changes of this century. Yet, despite their nominal force and widespread adoption, available data indicates that these laws recurrently suffer from an enforcement gap—that is, a wide disparity between the stated protections on the books and the reality of how companies respond to them on the ground. This raises the question: what accounts for this gap and what can be done to improve the performance of these laws?

This Article begins by describing three core building blocks of data protection regimes in the United States and Europe—namely, market forces, tort liability and regulatory enforcement—that these jurisdictions combine in different ways to ensure that companies act in accordance consumers’ privacy preferences. It then identifies two key reasons—particularly deep information asymmetries between companies and consumers/regulators, and high levels of market power in many data markets—that enable companies to behave strategically to protect private interests and undermine legal compliance.

The conclusion looks at the institutional design of antitrust and anti-fraud laws, two regulatory regimes that face similar challenges in their implementation, to argue that an effective online privacy regulatory system should be built around three key principles. First, the system must multiply monitoring and enforcement resources, and antitrust demonstrates how litigation can fund sophisticated civil-society intermediaries that safeguard consumers. Second, the system must bring violations to light, and anti-fraud policies demonstrate the importance of establishing effective whistleblower programs for data protection. Third, the system must increase governmental accountability, and antitrust provides examples on how to promote public transparency without sacrificing enforcement capacity.

Keywords: Data Protection, Privacy, Enforcement, GDPR, CCPA, Institutional design

JEL Classification: K20, K23, K42

Suggested Citation

Lancieri, Filippo, Narrowing Data Protection's Enforcement Gap (May 10, 2021). Forthcoming, 74 Maine Law Review, Issue 1 (2022), Available at SSRN: https://ssrn.com/abstract=3806880 or http://dx.doi.org/10.2139/ssrn.3806880

Filippo Lancieri (Contact Author)

University of Chicago, Law School ( email )

Chicago, IL
United States

Stigler Center ( email )

Walker Hall
Chicago, IL 60637
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
63
Abstract Views
259
rank
412,644
PlumX Metrics