That's not unreasonable in principle, but then it gets more complicated: do you propose to hold the entire company accountable for the actions of a small part of it?
Of course.
this would mean companies would be immediately obliged to disempower their entire staff
No.
Their entire staff is already "disempowered" to make decisions that could put the company in legal trouble. Also this is intended, not merely reckless. Do you really believe this was some nobody's idea? Come on!
Please, someone with real legal knowledge could you explain why this is not like Volkswagen.
I suspect that privacy violations are not quantified or else a "class action" would dry any and all the profits.
There's a big difference between "not authorised" (the current reality) and "disempowered". You are not authorised to send emails that place the company in legal jeopardy. You are disempowered from doing so if every email that you send has to be reviewed by a company officer first. The norm today is that you are trusted to not exceed the limits of your authority.
How about every line of code that you write being reviewed by legal to make sure it was within the bounds of the law?
There's plenty of scope here for a far more defensive position on ensuring compliance. That is what you would expect and desire from any attempt to massively increase the liability of errors, no?
Of course.
this would mean companies would be immediately obliged to disempower their entire staff
No.
Their entire staff is already "disempowered" to make decisions that could put the company in legal trouble. Also this is intended, not merely reckless. Do you really believe this was some nobody's idea? Come on!
Please, someone with real legal knowledge could you explain why this is not like Volkswagen.
I suspect that privacy violations are not quantified or else a "class action" would dry any and all the profits.