[Apocryphon]

Maybe there should be a general regulatory framework which all data-storing entities should be subjected to, with stiff penalties for the largest violators, as they can shoulder the burden of the biggest burdens.

Is this not how it works for every other industry? Up until the 2008 bank bailouts, that is.

[bad_user]

That does not answer my questions.

So what should the penalty be for a 14 year old that contributes a bug into a project like Mastodon or OpenSSH or whatever, which then leaks the data of tens of millions of people?

All this would do is to have a chilling effect on the industry such that only big companies like Facebook will be able to develop critical software, due to being able to afford it. And yes, this happens in all the industries you're talking about. And it did not stop the market from crashing, it did not stop malpractice.

Also this regulation will probably not stop Facebook from lawfully violating privacy.

[Apocryphon]

Maybe there should be a chilling effect on the industry, and the drive to consume ever more personal data is harmful to society and wrong.

[bad_user]

Oh, but that's the thing, there's no regulation that can stop the consumption of personal data. Let's be clear, we are talking about bugs. The consumption of personal data will continue, because:

1. consumers want it

2. governments want it

The only thing regulation will accomplish is that only companies like Facebook will be able to do it. Yeah, big win.