The past decade has seen an unprecedented wave of regulatory activity aimed at governing the information economy, with privacy, antitrust, and Artificial Intelligence (AI) at the forefront. Yet despite a surge of lawmaking and enforcement—especially in the United States and the European Union—persistent concerns over the harms of digital markets remain unresolved. This Article investigates the gap between regulatory ambition and real-world outcomes by critically examining the impact of privacy laws as a primary case study in digital regulation. Drawing on interdisciplinary research from law, computer science, and economics, it synthesizes existing empirical studies to assess whether privacy laws meaningfully enhance privacy. The analysis reveals two competing privacy paradigms—subjective and objective privacy—and shows that current privacy laws fall short on both, mainly because their underlying goals and regulatory means are misaligned with the structural realities of the data-driven economy. The Article further argues that both researchers and regulators focus too narrowly on procedural compliance and observable behaviors, neglecting firms’ opaque data practices and the broader systemic effects of surveillance capitalism. To address these shortcomings, the Article calls for a shift in regulatory approach based on two principles—first, strengthening objective privacy protections, and second, fostering empirical scrutiny of the information economy itself. By reorienting privacy regulation toward meaningful and measurable outcomes, policymakers can begin to close the widening gap between digital governance and the lived realities of the digital age.

Link.