Basically I don't like these arguments because it's about the company's size. Facebook should be punished because they are big, have a lot of data and we don't like them, right? No matter how you look at it, it's a Pandora's box.
Maybe there should be a general regulatory framework which all data-storing entities should be subjected to, with stiff penalties for the largest violators, as they can shoulder the burden of the biggest burdens.
Is this not how it works for every other industry? Up until the 2008 bank bailouts, that is.
So what should the penalty be for a 14-year-old that contributes a bug into a project like Mastodon or OpenSSH or whatever, which then leaks the data of tens of millions of people?
All this would do is to have a chilling effect on the industry such that only big companies like Facebook will be able to develop critical software, due to being able to afford it. And yes, this happens in all the industries you're talking about. And it did not stop the market from crashing, it did not stop malpractice.
Also this regulation will probably not stop Facebook from lawfully violating privacy.
Oh, but that's the thing, there's no regulation that can stop the consumption of personal data. Let's be clear, we are talking about bugs. The consumption of personal data will continue, because:
1. consumers want it
2. governments want it
The only thing regulation will accomplish is that only companies like Facebook will be able to do it. Yeah, big win.
https://joinmastodon.org/
How about a blog commenting system that leaks emails due to a bug, something like Isso:
https://posativ.org/isso/