[TeMPOraL]

Woah. That's great!

In Poland we actually have a sort-of tradition, AFAIK started by one of computer security portals, where if you find yourself on the receiving end of such CC-instead-of-BCC, you kindly tell the company responsible that this can and should be picked up with data protection regulators, and it would be nice if they e.g. paid ~500-2k EUR equivalent to a charity of their choice.

I'm totally 100% in support of this against companies. Less so about private individuals, though a 150-people newsletter is kind of thought-out and organized thing, and then 2k EUR in Germany is probably less than a monthly paycheck. A hard hit, but survivable without loss of life quality.