This draft does a terse job explaining why, I think, but we can get real improvement if we think about how. There are two ways we can take that up: by thinking about legislation or by thinking about politics.

If privacy regulation should be based—as I think and you agree—on environmental principles of regulation (based not around transactions but around standards of care and liabilities not for breach but for failure to avoid harm) then what should legislation look like. Thinking about the architecture of US environmental law (NEPA; the air, water, and waste statutes; impact statements and their jurisprudence; criminal statutes and enforcement) might help to lay out a broad blueprint of the statutes we would need, which would*mdash;it is needless to say—look nothing like GDPR and all the other national legislation that depends on or imitates it.

Politics tells us what can be made law, not just legislation. That brings you into the question, if this is what we need, why do we have something completely opposite? We have a carefully-constructed no-law system in place, with some exceptional areas of carefully-determined law represented by those alphabet-bubbles to which you refer, marking islands of government efforts to protect people in a sea of protecting data against interference from the people it's about. Such an intricate filigree structure does not arise by pure accident: we need to understand how it evolved if we are going to get sixty votes in the Senate for something else.

Microbrain Word didn't really export the footnotes to HTML. They should have been links anyway, anchored in the text.