[Spooky23]

Data privacy isn’t trivial, but the core concepts are pretty straightforward. Like cash, data is both an asset and liability. The business model of tech insulates the investors completely from liability, so there is no incentive to self-police.

The contempt shown for us collectively as users and people is what triggered the regulatory backlash.

The 2016 electron demonstrated that better than anything why this is important.

[closeparen]

The internet's role in the 2016 election was primarily its ability to connect like-minded people and capture their attention in a venue where advertising can be purchased cheaply and casually. Data may have helped with ad targeting, but was basically incidental. The insufficiently regulated thing there was speech, not data, and there are good reasons we don't really regulate speech.

[fanzhang]

I agree that the Facebook/Cambridge Analytica debacle should have been prevented. I'm not totally sure what's the best legislation to have helped that while having the minimum side effects.

As mentioned before, size limits is probably good for compliance costs; if the problem is political influence, make that a key part of the law. Making part of the law liability per privacy breach can be useful too (to deter companies from lax security that end up with them hacked).

[sequoia]

> I'm not totally sure what's the best legislation to have helped that while having the minimum side effects.

Legislators don't have the luxury of saying "I'm not totally sure what's the best legislation" to fix this issue; they are forced to propose an actual fix. If you don't have a better alternative on hand, I'd urge you to consider that which legislators have arrived upon after months or years of consideration.