Corporate interests don’t care about data privacy or security they care about liability and compliance which are not the same thing.

Major banks and government institutions can’t even be bothered to implement the NIST password guidelines. If they got their gdpr soc2 fedramp whatever it’s green lights and the rest is insurance.