The key question surrounding privacy laws is: "who owns the data?". This is an important distinction to make.

As I understand it, in the US the *collector* of the data owns the data. Whereas in the EU, for example, the person who is the subject of the data owns it. This is big business too - why do you think Gmail is free and constantly available with as much storage as you want? Entire industries make their money with the procurement, analysis, distribution, and usage of personal data about people. Not judging - just saying it is how things currently are. 

There is no silver bullet here. I would love to have more control over my data along with increasing privacy for everyone. I think the "let's throw the execs in jail" feels good to say but would not happen and IMO should not happen. We place enough people in prison already. Instead I think the liability landscape should be changed. Ex. when there are major breaches the company usually does not even know until the news reports it. They always claim "they were caught with their pants down" and surprised by super-powerful nation state hackers. That's not the case nor does it accurately depict the threat landscape.

I am excited to learn how GDPR ultimately turns out. I like Ron Wyden because he is one of the few in Congress that advocates for privacy.