Privacy laws allow for enforcement authorities and plaintiffs in private actions to seek damages based on a “violation” of the law. Quantifying these damages can be challenging because the laws do not define how a “violation” should be calculated. Is it limited to one violation of the law, or is there some other way to measure a violation? For example, should it be calculated by adding up the total number of consumers affected by the business’s conduct, adding up the number of statutory sections the business violated, or adding up the “per transaction” violations (e.g., each call, each scan)? A panel of WG11 drafting team members will lead a dialogue with all attendees on their draft Commentary, which draws from the interpretation of various privacy laws to suggest the meaning of a “per violation” measure of damages.