> The best Amazon can do is ensure brand managers don't have access to this data

This is easier said than done. Data exists in multiple places. It transforms in the form of reports and presentations. Policing this is expensive, which is why it almost only happens under regulatory pressure.

I mean, can we get the politicians to say the government and it's employees aren't accessing data that they're not allowed to access/have?

> Policing this is expensive, which is why it almost only happens under regulatory pressure.

I completely agree. Before GDPR, many companies did not knew who was accessing the data, what was the reason to store it and if there was any value to that data. Now, I have seen an increase in understanding of which data the companies have.

I have worked adapting services to the GDPR. The reality is that it is very cheap to design systems with 100% data accountability. The main problem is to adapt old systems full of technical debt where nobody knows if the data is used or not, or even how up to date it is.

Hence why we are here.

There's a reason basically every SDE is subject to the trading window: its impossible to give them the permissions necessary to do their jobs without also giving them access to highly sensitive information.