Skip to content
Safety · Jul 18, 2026

Schneier highlights proposal to replace data-control privacy laws with corporate accountability in AI era

Daniel Solove argues in the Wall Street Journal that user control over personal data is ineffective for privacy regulation, advocating instead for rigorous data minimization, fiduciary duties, and algorithmic liability.

Trust72
HypeSome hype

3 sources · cross-referenced

ShareXLinkedInEmail
TL;DR
  • Daniel Solove argues in the Wall Street Journal that giving people control of their personal data is not an effective way to regulate privacy in the AI era.
  • Solove proposes measures such as rigorous data minimization, fiduciary duties, liability for negligent technological design, and algorithmic liability as more effective alternatives.
  • A commentator proposes a mathematical framework—Principle of Epistemic Sovereignty—to enforce verifiable data minimization constraints in AI systems.

Daniel Solove argues in the Wall Street Journal that giving individuals control over their personal data is not an effective way to regulate privacy in the AI era. Instead, he advocates for holding companies accountable for their actions, drawing parallels to regulations in food and drug industries. His proposed measures include rigorous data minimization, fiduciary duties for data handlers, liability for negligent or reckless technological design, liability for algorithms that cause harm, and multi-stakeholder review of technologies.

A commentator critiques the feasibility of Solove’s proposals, arguing that traditional data minimization—restricting collected fields—fails in AI systems. They note that AI models can infer highly sensitive attributes from seemingly innocuous observations, making regulation at the point of collection ineffective. The commentator introduces the Principle of Epistemic Sovereignty (PES), a mathematical framework to enforce strict, verifiable constraints on what an AI system is licensed to infer. Under PES, an agent’s posterior inferences must depend only on a strictly authorized information interface, with violations detectable as mathematical breaches of the epistemic boundary.

The discussion highlights the limitations of the "user control" paradigm in privacy regulation, with one commentator describing the illusion of control users face when managing personal data online. They argue that current legal frameworks, which rely on user consent and data deletion rights, are insufficient in the face of pervasive data aggregation and AI-driven inference.

Another commentator describes how governments and companies, such as Palantir and Thomson Reuters, obtain vast troves of personal data—including health records, financial details, and location histories—through contracts and data brokers. This data is traded globally with minimal oversight, enabling AI-driven analysis and prediction while bypassing individual control. The commentator cites examples such as Palantir’s access to UK health records and U.S. Immigration and Customs Enforcement (ICE) contracts to illustrate the scale and opacity of data flows.

Sources
  1. 01Schneier on SecurityProtecting Privacy in an AI Era
  2. 02Wall Street JournalAI Privacy Laws Need to Focus on Corporate Accountability, Not User Control
  3. 03SSRNProtecting Privacy in an AI Era (Working Paper)
Also on Safety

Stories may contain errors. Dispatch is assembled with AI assistance and curated by human editors; despite the trust-score filter, mistakes happen. We correct publicly — every article links to its revision history. Nothing here is financial, legal, or medical advice. Verify before relying on any claim.

© 2026 Dispatch. No ads. No sponsorships. No paid placement. Reader-supported via Ko-fi.

Built by a person who cares about honest AI news.