[nannePOPI]

Most laws of this kind are made so that they can exclude small players from the market.

If something goes wrong, Facebook can easily hire an army of lawyers and "prove" that they "processed [data] in a manner that ensures appropriate security".

But a small player can't do that. This has the follow advantages for big corps and governments:

1. Big companies can use the laws to destroy small companies (they just need to push the enforcers of regulations in the right direction, maybe with a little gift or something wink wink) 2. People don't even try to create a small company, because it's too risky, so big companies don't have to face any competition at all 3. Governments and other institutions can use the laws to stop people who spread informations or products that go against their interest. In fact the main reason for GDPR is stopping the spreading of true informations about the current political situation in Europe (what they techinically call "fake news"). It's much easier to control the web if you only have Facebook, Youtube and other channel you can easily manipulate. Good luck instead controlling hundreds of thousands of small blogs, mailing lists, chat rooms, etc