This lw has been in effect in the form of various national laws for over a decade. GDPR is only slightly different from Swedish national Data Protection Law, for example. So yes, this entirely the tech’s fault and debt. We as an industry have ignored these laws for too long, and now crying because the debt is being collected. Boo hoo. Cry me a river.