> cat and mouse game of companies finding loopholes in the regulation and regulators rushing to
but here is the thing, most "loop holes" in this kind of law technically aren't loop holes in this kind of laws (but loop holes in enforcement; Because laws normally aren't based on specific technical solutions, so don't care how "clever" you solution is.)
the main problem is hesitant, slow and ineffective enforcement which moves things from "you can't do that and if you do you get increasingly higher penalties the longer you insist to not comply" to a broken "you can do that at a cost lower then your benefit and a bunch of annoying law suite dragging out for years"
best example is GDPR, it's relative clear cut and not vague and most "loop holes" are relatively clear cut not allowed. That is until judges made decisions which where clearly not in line with the text of the law because it was politically very inconvenient that the main business model of all the local news papers doesn't work anymore. Or humoring nonsensical arguments from meta in court instead of just shutting them down the moment meta brings them up. So now companies often don't try to comply with GDPR but instead try to guess "what degree of non compliance is widely allowed" and that is where GDPR compliance becomes complicated and legally unclear.
but here is the thing, most "loop holes" in this kind of law technically aren't loop holes in this kind of laws (but loop holes in enforcement; Because laws normally aren't based on specific technical solutions, so don't care how "clever" you solution is.)
the main problem is hesitant, slow and ineffective enforcement which moves things from "you can't do that and if you do you get increasingly higher penalties the longer you insist to not comply" to a broken "you can do that at a cost lower then your benefit and a bunch of annoying law suite dragging out for years"
best example is GDPR, it's relative clear cut and not vague and most "loop holes" are relatively clear cut not allowed. That is until judges made decisions which where clearly not in line with the text of the law because it was politically very inconvenient that the main business model of all the local news papers doesn't work anymore. Or humoring nonsensical arguments from meta in court instead of just shutting them down the moment meta brings them up. So now companies often don't try to comply with GDPR but instead try to guess "what degree of non compliance is widely allowed" and that is where GDPR compliance becomes complicated and legally unclear.