I'm watching the Data Privacy Day 2020 live stream (https://staysafeonline.org/dpd20-live/) and I've spent about half of the time yelling at my screen.
There have been a few great speakers and panelists, but the demographic skews really heavily to the corporate/lawyer side of things.
If these are really the most authoritative voices they could find on the topic I can't imagine they spent a long time looking.
Example: after watching for more than an hour I just heard the first mention of encryption.
The GDPR is broadly considered the global standard, but even it is really soft when it comes to the definition of legitimate use-cases for data processing. So-called legitimate use cases can entirely bypass consent.
The problem is that these legit cases are evaluated and argued by people that don't understand better alternatives than the status quo.
We could do a lot better.
Lots of recommendations to get a lawyer to handle complex issues...
I have to say: legal compliance is an incredibly low bar, even from the perspective of international privacy law.