Lawsuits are irrelevant when you're fined $1m per person per leak. Tech and ad companies have zero need to comply with any privacy laws whatsoever as any fine today is not even worth 5 cents per person per leak. The only way that any company would take it seriously is if a single massive leak would crater the company permanently. What this means is you have zero chance to leak data. As an added bonus I'd make such a leak also mandatory for the C-level suits and board of directors in such cases to get 20 years minimum.Oh, the lawsuits that would happen for unauthorized release of records would be stellar. Big bucks.