[paulpan]

As others noted in the other thread (https://news.ycombinator.com/item?id=26736285), the correct action here would be a punitive fine by FTC or FCC for 1) the size of the leak and 2) that FB is refusing to notify impacted users.

Something to the tune of $30-50B, to also send a clear message to all other companies. In this case, FB appears to have sat idle since previous $5B fine for the Cambridge Analytica fiasco. So 10X that previous fine would seem appropriate.

Long term, holding the leaders and board of companies criminally liable for user PII and data leaks (similar to SOX compliance) might be the best solution. The reality, however, is that no such regulation will occur and companies like FB can continue to lackadaisically treat user privacy and data security.