Useless Waste of Time and Money (Score 1)
As much as people seem to clamor for various forms of privacy protection, the data shows they only care about it when prompted with questions. People are readily willing to give up privacy for small rewards and don't want to bother with the various protective measures already in place. There is nothing any law can do to really enforce data privacy when consumers don't find that privacy valuable enough to vote with their feet or use existing privacy controls.
There are really two types of 'privacy' (often it's more about public but not readily discovered information) violations possible.
1) Security breaches by hackers or data theft by employees.
2) The sharing of personal data with institutions/people the user would object to viewing that information.
There is little regulation (perhaps government supported security information/response/prosecution centers could help) or companies can do about hackers or data theft. Sure, you can fine companies for data breaches and force publication, but this creates an unfortunate incentive for companies not to discover security breaches. A well-designed law would impose increased penalties for breaches exposed by outside agencies, e.g., law enforcement, but even this law would create incorrect incentives for the current executives, whose interests are still likely to reduce spending on discovering breaches in the hope that the bad news won't come on their watch.
Besides, I'm highly skeptical that poor security would be remedied by even larger financial incentives.
It's not even clear if such remedies are even desirable. A better law would simply demand appropriate compensation for people harmed by leaked credit cards and the like and leave it up to the companies (and consumers) what level of security is appropriate. Sure, we would be much safer if we replaced credit cards with fancy cryptographic two-factor authentication, but the costs in convenience and money would far, far exceed the costs of making people whole from credit card theft.
This leaves the 2nd issue. The problem here is that the difference between desirable functionality and privacy violations here depends on the user's preferences. Does the user value getting to see free TV episodes more than the cost of having their viewing history shared with advertisers? What about discounts on medical products for similar sharing?
Sure, the law can require all sorts of consent and legal hoops to jump through, but as long as people view actually making these calls as too burdensome to warrant real thought/action, all you end up with is annoying privacy policies and click-through agreements no one reads.
While popular with voters who think they care about privacy, as long as they aren't willing to seriously consider it in their consumer choices (evaluating for themselves how seriously a company is committed to protecting their information from inappropriate revelation), such laws are likely to impose more burdensome regulatory costs than benefits to the consumer.