[JumpCrisscross]

I would prefer starting small and cautiously scaling up. “If you lose my data, you are strictly liable” is a good start because it lets case law work through the holes. (It also causes companies to see personal data as an asset and a liability, not just the former.)

Full-blown GDPR is overkill. It makes more sense to wait a few years and see if the situation in Europe evolves differently from the U.S. I personally believe the law fails to incentivise the sort of behaviour it aspires to, but that’s merely a hunch—better to wait until we have data.

[PatentlyDC123]

I agree with the sentiment of starting small, but your example of strict liability might be starting too strong. Personally, I would start with a lower mens rea. Maybe I see the situation differently, but I believe most of the subjects covered by GDPR are distinguishable from areas of law such as, e.g., products liability, that utilize strict liability.

[brynjolf]

"This is not the time to talk about guns"

[JumpCrisscross]

> This is not the time to talk about guns

That’s disengenuous. I’m saying this is the time to talk about data. But instead of coming out of the gate with a gargantuan salvo or complicated, expensive and unpredictable regulation, let’s start small and work gradually.