Law professor at George Washington University Law School, expert in information privacy law, founder of @TeachPrivacy, a privacy and security training company
Just finished reading @DanielSolove's article "Enforcing Privacy Law: Why Private Litigation Is Essential" and it should be required reading for anyone working in data protection policy or compliance.
Solove's central argument is quite simple: a privacy law is only as strong as its enforcement. You can draft the most beautifully principled statute in the world, but if enforcement is weak, inconsistent, or politically constrained, the law becomes (in his memorable phrase) "flimsy sheets of paper with hardly anything behind them." He makes four points that I think are exactly right:
1. Poor enforcement neuters even strong laws.
2. Government enforcement, however well resourced, will always have a ceiling: political constraints, limited budgets, regulatory capture, and the sheer impossibility of policing every violation.
3. Enforcement is fundamentally about incentives. If the risk-adjusted cost of non-compliance is lower than the benefit, rational (amoral) corporate actors will keep violating the law. Charlie Munger's line that Solove quotes, "Show me the incentive, and I'll show you the outcome," captures it perfectly.
4. Private litigation is not a nice-to-have. It is essential. It is the mechanism that fills the gaps government enforcers cannot, by being insulated from political winds, by deputising private attorneys, by compensating victims, and by genuinely changing corporate risk calculus.
Reading this through an Indian lens was, frankly, sobering.
The Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025 fail almost every one of Solove's tests for meaningful enforcement.
First, there is no private right of action. None. An aggrieved data principal cannot sue a data fiduciary for breach. The only route is a complaint to the Data Protection Board, which decides whether to act. Compare this to the position under the UK GDPR, where Article 82 gives data subjects a direct right to claim compensation for both material and non-material damage, a right the Court of Appeal in Lloyd v Google and subsequent cases has continued to affirm (albeit with sensible thresholds). In the UK, a data subject is an active rights holder. In India, the data principal is a petitioner waiting in a queue.
Second, the Data Protection Board lacks meaningful independence. Its members are appointed by the Central Government, funded by the Central Government, and the Government enjoys wide exemption-making powers under Section 17. Solove warns about politicised enforcement eroding the rule of law and turning enforcement into "opportunism and reading political tea leaves." The DPDP Act's design risks exactly that. The ICO, for all its imperfections, has statutory independence, a published regulatory action policy, and answers to Parliament, not to a ministry.
Third, penalties are capped flat, not turnover-linked. ₹250 crore sounds large until you measure it against the global turnover of Big Tech. Under the UK GDPR, fines can reach 4% of global annual turnover, a figure that, as Solove notes, at least attempts to align with the amoral-actor risk calculation. A flat cap is, for the largest fiduciaries, simply the price of doing business.
Fourth, the DPDP Act creates a right without a remedy. A data principal who suffers harm, financial, reputational, emotional, has no compensatory route. The fines, when levied, go to the Consolidated Fund of India. The victim, who triggered the entire process, walks away with nothing. Solove's critique of HIPAA applies almost verbatim to the DPDP framework.
Fifth, and perhaps most worryingly, the Act introduces penalties on data principals themselves for filing "false or frivolous" complaints (Section 15). The disincentive to complain, already a structural problem Solove identifies, is here written into the statute.
If we take Solove's framework seriously, the DPDP Act is, at present, a law of announcement rather than enforcement. It has the architecture of a modern data protection regime but few of the load-bearing walls. A meaningful course correction would require, at minimum: a statutorily independent Board, a private right of action with statutory damages, turnover-linked penalties for large fiduciaries, and a compensation mechanism for harmed individuals.
Highly recommend reading the full article.
#DataProtection #Privacy #DPDPAct #UKGDPR #PrivacyLaw #Enforcement #IndiaLaw #TechLaw #DataPrivacy #Regulation #PrivateRightOfAction #RuleOfLaw
https://t.co/T0dTjpDWjf
Just a reminder, @JohnWesleyHall has a list of pretty much all of the Supreme Court's Fourth Amendment rulings, with links to the opinions. It's great to see the whole orchestra together!
https://t.co/QhzxZVR4HB
Your data is already out there. What happens next? Join us Apr. 2 for a book discussion with GW Law’s @ProfFerguson on surveillance, AI & justice. Lunch included. Book signing after.
📍Tasher Great Room, 12–1:30 PM.
Register: https://t.co/ChqecPbxYJ
Aspiring IP or privacy law scholar? GW Law's Marks and Privacy & Tech Fellowships offer mentoring, research support, and a launchpad to the legal academy. Applications open now — review begins April 20 & 24.
#PrivacyLaw #TechnologyLaw #LegalAcademia #LawFellowship #LawFaculty
@DanielSolove's book moves forward like a train. The start is slow, the wheels straining to build up speed. Privacy, as Solove conceives it, is an immense concept, encompassing freedom, self-determination, relationships and power. The ideas in this book gather pace into a powerful testimony for action.
Solove’s introductions and definitions make this book accessible to all. The novice will be acquainted with the basics of privacy law before dipping into thornier issues further on, such as the futility of privacy self-management. By contrast, people with developed opinions will agree or argue with Solove, but in all instances remain curious about where his ideas will lead.
With a kind of careful, incrementalist language, Solove takes readers from answering the basics of ‘What is privacy?’ and ‘What is Technology?’ to explicit calls for individual/consumer-centred regulation.
Some big takeaways for this reader were:
— the onus for privacy protection currently rests unreasonably with the individual.
— the idea of regulation stifling innovation is a myth.
Book review of ON PRIVACY AND TECHNOLOGY in The Law Society Gazette
https://t.co/UfaKbZiQ67
“The ideas in this book gather pace into a powerful testimony for action.”
ICE claims its agents can enter our homes using their own paperwork, without a real judge’s signature. I explain how the most important word in this debate is also the most misleading one: “warrant.”
My latest for @aier + @thedailyeconomy
https://t.co/qQ3oLF08jM
Electronic surveillance law is not taught enough in criminal procedure classes, but understanding it is essential. Recently, a recording of an interrogation of Luigi Mangione was botched because interrogators didn't realize PA had an all-party consent law https://t.co/tvR8z89Jen
Privacy as #Contract?
In this Article, the authors argue that contract law is unsuitable for governing consumer privacy.
Authors: Woodrow Hartzog, Daniel J. Solove
Read More: https://t.co/Ijl8xsQWsV
#Law
“To adequately regulate government surveillance, it is essential to also regulate surveillance capitalism.” From my article, Privacy in Authoritarian Times https://t.co/TeAkXIEUnm