Abstract

Digital privacy scholars tend to bemoan ordinary people’s limited knowledge of and lukewarm interest in what happens to their digital data. This general lack of interest and knowledge is often taken as a consideration in favor of legislation aiming to force internet companies into adopting more responsible data practices. While we remain silent on whether any new laws are called for, in this paper we wish to underline a neglected consequence of people’s ignorance of and apathy for digital privacy: their potential to encourage capture by industry interests. In particular, we argue that such laws may be at increased risk of capture because they are unlikely to be democratically responsive. We make this claim on a twofold basis: first, well-known theoretical mechanisms explaining how the absence of responsiveness leads to capture, identified in prior political science and political philosophy literature, yield the prediction that digital privacy legislation is likely to be unresponsive and thus captured; second, empirical data concerning the European Union’s digital privacy laws, with a special focus on the General Data Protection Regulation, appears to confirm these predictions: the bloc’s (world’s?) flagship privacy protection law seems more responsive to corporate than citizen interests.