Tbh thats still a better outcome than the status quo isn’t it: a single hack is now limited in damage, and multiple are required to do the equivalent of todays scenarios

What if everyone contracts out the data collection to a single party? Only giving the data a larger exposure.

I'm really glad this is coming to light and I hope it passes. It will be very interesting to see how companies try to avoid it, but at first glance, it seems well thought out.

If that company has 1,000,000 or more customers' data, then they're no longer exempt. Maybe you came in after the OOP did their edit.

“Controlled”