Peter Swire and Yianni Lagos recently released a nice paper demonstrating the high risk that Europe's privacy regulation will turn all of us into privacy victims. The new right, they say with admirable restraint, "raises serious risks for another principle of data protection law, which is protecting the security of an individual's personal data – in our world of weak authentication and rampant identity theft, moving all of a person's data to another system "without hindrance" creates security risks that can outweigh the portability benefits."
I don't always agree with Peter, but in this case I do. Swire and Lagos rely heavily on the work of an FTC advisory committee on data access and security. I served on that committee, which explored this very problem. Here's a excerpt from my now-twelve-year-old concurring statement: