Why "more" data protection can lead to "less" privacy
I live in a small but not too narrow street in central Berlin. In my street, there had been a speed limit of 30 km/h for quite some time. All of a sudden, local authorities decided that was not enough. Signs were put up warning that the new speed limit was 10 km/h.
Reality of Fundamental Freedom to Drive
Germany is as contradictory when it comes to laws and values as most other countries: While it is widely regarded a fundamental freedom to drive your car as fast as you can on a motorway, local authorities, over the past decades, have constantly come up with new ideas how to make driving as unpleasant as possible in inner cities. They are putting thresholds in some streets and are transforming other streets into zigzag courses. Speed limits of 10 km/h are just the latest trend.
Even for a cyclist, it is virtually impossible to limit the speed to 10 km without falling from the bike. And, of course, you will hardly ever find a car that obeys the rules in my street. Even Germans can be disobedient when the rules are impracticable. While some drivers will slow down significantly, others will completely ignor the signs. If following the rule seems impossible or unreasonable, you may as well ignor it all together.
Reality of Data Protection
And this is exactly where we are with data protection: When the rules are too far off reality and common sense, they will be ignored. When every cookie, every Like button and every publication of a name requires "explicit previous informed" consent, the law may be as refined and strict as it may be, it will still be circumvented and left aside.
Demanding "stricter" and "stricter" laws leads to laws that will not be observed and enforced. And it is exactly for this reason why I am so tired about discussions on "more" or "less" data protection and about the argument that privacy laws must not be "watered down".
Values, Limits and the Law
Good privacy laws will be laws that are practicable, sensible, technically enforceable and widely accepted. And, therefore, it is of utmost importance to differenciate and to adapt the rules to the risks involved. As everybody knows, different contexts of data processing will produce different levels of privacy risks.
What does this mean for the speed limit? If the authorities were wise, they would make sure there were obstacles in the street in front of schools and playgrounds to force drivers to slow down. And they would be liberal in the rest of the street. 30 km/ h is slow enough, and it works.