> that governments need to put some "guardrails" around engineers and the tech titans they serve
No. We don't need "guardrails" at all. We have an existing legal system that works quite well to discourage companies from profiting from ventures we don't like: we simply make those ventures illegal. Companies have been able to make a profitable business out of harvesting personal data, abusing consent, etc., because these things aren't illegal. GDPR et al is the start of laws in this area, but a financial penalty is simply a business cost. If I can make $500B with a 25% chance of a $5B fine, the rational action is of course to proceed.
If there was a law about certain types of consent being legally required for certain types of data, THEN an engineer, manager, or exec can decide to either a) report the violation to authorities or b) become complicit themselves. When breaking these laws comes with real penalties (jail time, not fines), then the business can choose between a) do something illegal and government puts everyone in jail and takes all assets or b) don't do something illegal, which is exactly what we want.
Bottom line: No special regulation is required here. Simply make a law extending the personal data productions afforded by existing regulations and let the system do its job.
No. We don't need "guardrails" at all. We have an existing legal system that works quite well to discourage companies from profiting from ventures we don't like: we simply make those ventures illegal. Companies have been able to make a profitable business out of harvesting personal data, abusing consent, etc., because these things aren't illegal. GDPR et al is the start of laws in this area, but a financial penalty is simply a business cost. If I can make $500B with a 25% chance of a $5B fine, the rational action is of course to proceed.
If there was a law about certain types of consent being legally required for certain types of data, THEN an engineer, manager, or exec can decide to either a) report the violation to authorities or b) become complicit themselves. When breaking these laws comes with real penalties (jail time, not fines), then the business can choose between a) do something illegal and government puts everyone in jail and takes all assets or b) don't do something illegal, which is exactly what we want.
Bottom line: No special regulation is required here. Simply make a law extending the personal data productions afforded by existing regulations and let the system do its job.