Of course they're reasonable. But problematic large scale data breaches are not a new problem. The last financial crisis was almost a decade ago, and yet we haven't developed a new culture of organizational responsibility since, despite the massive societal costs.
Not to make overly sweeping generalizations, but 'hold on, let's think through all the ramifications here instead of being too hasty' is a great way to maintain the status quo while avoiding any responsibility for it. Who benefits? It sure ain't the general public.
I don't think it's so simple, but it's clear that most businesses take a reactive rather than a proactive approach to security and many other important considerations. Guillotining a few corporations is likely to have a salutary effect upon the others.
To some extent this is a cultural divide; anglo-Saxon capitalism has an unspoken ethic of 'forge ahead, cross bridges when you come to them' while continental European capitalism is far more accommodating of social considerations and has a 'first do no harm' approach. There are upsides and downsides to both approaches - and of course these are very shallow and incomplete characterizations of complex economic and cultural factors, which I have no intention of trying to defend if someone complains about them.
Not to make overly sweeping generalizations, but 'hold on, let's think through all the ramifications here instead of being too hasty' is a great way to maintain the status quo while avoiding any responsibility for it. Who benefits? It sure ain't the general public.