While this leak may or may not have happened, for this type of exposure there should be criminal liability for developers and executives. Criminal negligence and prison time.
If developers are going to face criminal liability, they should IMHO also have legal ways to push back against certain implementations without risking their jobs, or at least have a way to leave a legal justification somewhere: "I'm doing this because I'm forced to but I disagree" which is then signed by management.
Until then, you're putting the weight of the law on the wrong side of the equation, since developers aren't the ones consciously making risky decisions.
Most countries already have whistleblower laws. If you are living somewhere that has any kind of "wrongful termination" legislation, an employer asking you to commit a crime is an open and shut case. I would guess that all of the USA and Europe would have existing sufficient protections, for example (although the US never ceases to surprise me).
Until then, you're putting the weight of the law on the wrong side of the equation, since developers aren't the ones consciously making risky decisions.