@dansup while I get that they probably included those thresholds to protect smaller businesses who aren't responsible for the majority of privacy violations, but it seems like it wouldn't be hard for a big business to bypass them.
All they need to do is restructure their business into multiple entities with revenue below 25M or with data sales accounting for 49% of their revenue.
@dansup The limit on data purchase or sale seems like it would be easily bypassed as well if you just share data freely between companies. Treat it as a gift and maybe you're fine?
Of course I'm not a lawyer and this interpretation is probably wrong, but most of the bills I've seen seem pretty toothless.
