Ok, I read that article, and it does NOT support what you said. Not even close. In fact, it largely shows it does insure privacy, and companies are struggling to cope. Good.
My points still stand. We need a US version of GDPR, and while they’re at it, expose paid trolls and bot posts.
You didn’t read the article I linked, I see.
BTW, the GDPR is not about regulating bots either.
Bots cannot touch a website that blocks them on the robots.txt file. This has been the case for decades.