> More laws and larger governments don't have to be the answer to all problems
More laws and larger governments are generally undesirable (for obvious reasons) but saying that we shouldn't make any laws at all is throwing the baby out with the bathwater.
If you're thoughtful and deliberate about how you write your legislation, you can have a disproportionately positive impact with a very small amount of additional weight.
For instance, instead of trying to enumerate every single way that data could be leaked and forbid that (see: HIPAA), you should just make the end state (PII in the hands of someone the user didn't explicitly authorize it to be in) illegal and mandate a fine per unit of information (e.g. 1% of the median US salary for SSN) to every entity in the leak chain (because a chain of custody for personal information is just about mandatory at this point).
Details will vary, but this general approach is vastly better than the crazy laws we have in other areas that attempt to "enumerate badness" in the intermediate rather than the end state.
I wasn't arguing for no laws though, only that we don't need to reach for them as quickly as we often do or want to do. I thought the topic here was about banning advertising as a whole; if we want to zoom into privacy concerns related to the retention of PII data, that is more doable and we already have a framework to start with based on the EU.
> If you're thoughtful and deliberate about how you write your legislation, you can have a disproportionately positive impact with a very small amount of additional weight.
Unfortunately that really is a non-starter in the US today. I have very little faith that Congress is interested in carefully considering and clarifying. I have even less faith that any bill with thousands of pages of text, which is how they appear to do business these days, could ever be clearly defined and scoped to avoid obvious unintended consequences or misplaced boundaries.