I don't see your reason for downplaying the GDPR. That plus saying you're willing to forgo your second/third ask (deletion is paramount!) just feels like trying to bargain with the surveillance-industrial complex for something it'll accept. But most anything in that direction is just creating loopholes for the surveillance industry to nullify the intent of such law.
Your simple regulations sound great for the cases they address, but there are a lot of corner cases that the GDPR addressed that your "simple" requirements do not. For example, what happens when a surveillance company uses a third party data processor outside the jurisdiction? That is not a sale, and yet the processor can proceed to do whatever they want. Or when a company insists that it has obtained indefinite "consent" by some claimed assent to a contract of adhesion, or as part of a contract with a third party?
The surveillance industry would love nothing more than to pass fig-leaf regulation that purports to create rights but actually just enshrines their regime into law while giving them further protections. That's precisely what they managed to do with the "Fair" Credit Reporting Act, which is why that segment of the surveillance industry has continued to spiral out of control, pushing nonsense like "identity theft" onto us.
Your simple regulations sound great for the cases they address, but there are a lot of corner cases that the GDPR addressed that your "simple" requirements do not. For example, what happens when a surveillance company uses a third party data processor outside the jurisdiction? That is not a sale, and yet the processor can proceed to do whatever they want. Or when a company insists that it has obtained indefinite "consent" by some claimed assent to a contract of adhesion, or as part of a contract with a third party?
The surveillance industry would love nothing more than to pass fig-leaf regulation that purports to create rights but actually just enshrines their regime into law while giving them further protections. That's precisely what they managed to do with the "Fair" Credit Reporting Act, which is why that segment of the surveillance industry has continued to spiral out of control, pushing nonsense like "identity theft" onto us.