Re: No One Cares
Your first proposal is already in place (Articles 13 & 14 of the GDPR). The problem is that many data controllers ignore it.
Not really. GDPR improves a little on the old DPA, but my suggestion is somewhat more radical. So rather than me asking what they hold, anyone holding my personal data is legally required to automatically send me a copy, and obtain consent if they want to flog it, or change any purpose for which my data might be used. It shouldn't be up to me/us to try to hunt down every entity that may somehow have ended up with my personal data.
Big data would naturally object to that proposal, and ok, there would be some challenges. At least with GDPR vs DPA, the penalties for ignoring it can be more severe. Then again, you can also avoid SARs by emulating CA, and ceasing to exist.