The past decade has seen an explosion in software being put and used everywhere. With that comes an explosion of bugs that are exploited. Literally hundreds of millions of people have had all their shit stolen from numerous services that have a laissez-faire approach to application security. It's like getting into an automobile accident; you're basically guaranteed to get into at least one in your lifetime. If you've used the Internet, private data of yours is virtually guaranteed to be leaked by at least one service you use.
I'm not a fan at all of excessive government overreach, but the private tech sector is utterly incompetent of policing itself because a) they don't give a shit, and b) no one is holding them accountable enough (you could argue shareholder should, but there's rarely an impact to bottom lines when security breaches happen). The only thing that will make them care is if an impartial 3rd party that can force them to care.
I'm not a fan at all of excessive government overreach, but the private tech sector is utterly incompetent of policing itself because a) they don't give a shit, and b) no one is holding them accountable enough (you could argue shareholder should, but there's rarely an impact to bottom lines when security breaches happen). The only thing that will make them care is if an impartial 3rd party that can force them to care.