This chapter canvasses political mechanisms of control through the operation of scrutiny bodies in the United States, the United Kingdom, and Australia. These include parliamentary or congressional committees, auditors-general, information commissioners, and ombudsmen to monitor the performance of the executive, as well as the institution of public inquiries for large-scale scandals. These political mechanisms of control have become major avenues of accountability through ex ante mechanisms of standard-setting by oversight bodies, and ex post mechanisms of investigations by these scrutiny bodies that expose scandals and controversies, and audits by auditors-general.

Chapter 5 examines traditional data protection law’s regulatory outcomes. It shows why data rights and rules, while desirable, don’t address the core problems of the contracts model and can’t work well without the liability model. Data rights unintendedly impose administrative burdens on those they protect. Mandatory rules better address power asymmetries and manipulation than defaults. But our procedural rules overregulate while they underprotect: they benefit large players by adversely affecting new players and they allow companies to comply merely by following box-ticking exercises. Against this backdrop, laws legitimize exploitation that can be executed while remaining compliant. A risk-reduction approach based on standards would reduce informational exploitation.