Just finished reading @DanielSolove's article "Enforcing Privacy Law: Why Private Litigation Is Essential" and it should be required reading for anyone working in data protection policy or compliance.
Solove's central argument is quite simple: a privacy law is only as strong as its enforcement. You can draft the most beautifully principled statute in the world, but if enforcement is weak, inconsistent, or politically constrained, the law becomes (in his memorable phrase) "flimsy sheets of paper with hardly anything behind them." He makes four points that I think are exactly right:
1. Poor enforcement neuters even strong laws.
2. Government enforcement, however well resourced, will always have a ceiling: political constraints, limited budgets, regulatory capture, and the sheer impossibility of policing every violation.
3. Enforcement is fundamentally about incentives. If the risk-adjusted cost of non-compliance is lower than the benefit, rational (amoral) corporate actors will keep violating the law. Charlie Munger's line that Solove quotes, "Show me the incentive, and I'll show you the outcome," captures it perfectly.
4. Private litigation is not a nice-to-have. It is essential. It is the mechanism that fills the gaps government enforcers cannot, by being insulated from political winds, by deputising private attorneys, by compensating victims, and by genuinely changing corporate risk calculus.
Reading this through an Indian lens was, frankly, sobering.
The Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025 fail almost every one of Solove's tests for meaningful enforcement.
First, there is no private right of action. None. An aggrieved data principal cannot sue a data fiduciary for breach. The only route is a complaint to the Data Protection Board, which decides whether to act. Compare this to the position under the UK GDPR, where Article 82 gives data subjects a direct right to claim compensation for both material and non-material damage, a right the Court of Appeal in Lloyd v Google and subsequent cases has continued to affirm (albeit with sensible thresholds). In the UK, a data subject is an active rights holder. In India, the data principal is a petitioner waiting in a queue.
Second, the Data Protection Board lacks meaningful independence. Its members are appointed by the Central Government, funded by the Central Government, and the Government enjoys wide exemption-making powers under Section 17. Solove warns about politicised enforcement eroding the rule of law and turning enforcement into "opportunism and reading political tea leaves." The DPDP Act's design risks exactly that. The ICO, for all its imperfections, has statutory independence, a published regulatory action policy, and answers to Parliament, not to a ministry.
Third, penalties are capped flat, not turnover-linked. ₹250 crore sounds large until you measure it against the global turnover of Big Tech. Under the UK GDPR, fines can reach 4% of global annual turnover, a figure that, as Solove notes, at least attempts to align with the amoral-actor risk calculation. A flat cap is, for the largest fiduciaries, simply the price of doing business.
Fourth, the DPDP Act creates a right without a remedy. A data principal who suffers harm (financial, reputational, emotional) has no compensatory route. The fines, when levied, go to the Consolidated Fund of India. The victim, who triggered the entire process, walks away with nothing. Solove's critique of HIPAA applies almost verbatim to the DPDP framework.
Fifth, and perhaps most worryingly, the Act introduces penalties on data principals themselves for filing "false or frivolous" complaints (Section 15). The disincentive to complain, already a structural problem Solove identifies, is here written into the statute.
If we take Solove's framework seriously, the DPDP Act is, at present, a law of announcement rather than enforcement. It has the architecture of a modern data protection regime but few of the load-bearing walls. A meaningful course correction would require, at minimum: a statutorily independent Board, a private right of action with statutory damages, turnover-linked penalties for large fiduciaries, and a compensation mechanism for harmed individuals.
Highly recommend reading the full article.
#DataProtection #Privacy #DPDPAct #UKGDPR #PrivacyLaw #Enforcement #IndiaLaw #TechLaw #DataPrivacy #Regulation #PrivateRightOfAction #RuleOfLaw
papers.ssrn.com/sol3/papers.…