The focus of the online seminar was the research paper that carries the same name, which can be found here. The article explores the enforcement gap in data protection—that is, a wide disparity between stated protection in the books and the reality of how companies respond to them on the ground.

Lancieri referred to a literature review of 26 studies analysing the impact on the ground of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), emphasising that none found a meaningful improvement in citizen's data privacy. It then describes and analyses the three core building blocks of data protection regimes in the United States and Europe – namely, market forces, tort liability and regulatory enforcement. He spoke of two key reasons – particularly deep information asymmetries between companies and consumers/regulators, and high levels of market power in many data markets – that enable companies to behave strategically to protect private interests and undermine legal compliance. Finally, he concluded by looking at the institutional design of antitrust and anti-fraud laws, two regulatory regimes that face similar challenges in their implementation, to argue for a redesign of data protection enforcement regimes.