What do they consider to be a VPN provider? Anyone who sells access to exit nodes? Because I can’t see how they could require point to point VPN logging, nor requiring logging be baked into VPN software with no way to disable it.

I’ll say it again, we have to start pushing in the opposite direction. Some examples:

• Make it a basic right to not have any data about you collected unless strictly necessary for the service delivered.
• Forbid data brokers and any other attempts to combine data from different sources.
• Criminalize data leaks. Financial or medical malpractice can land people in prison or cause them to lose jobs. So should privacy/data malpractice. Note: negligence is a form of malpractice. It should not be possible to get away with a slap on the wrist kind of fine after a major data breach.
• Use the most extreme examples and statistics. Cambridge analytica was at the basis of a major attack on democracy using data from Facebook etc. Both Facebook, Cambridge analytica and benefitting parties should be held accountable in such a case.

Oh, cool. So now we get full transparency which MEP talks and communicates with whom, which websites they visited while using their private and official devices. That should allow us to build an automatic lobby register. And thanks to chat control, we can even get automated summaries of all those talks and what they did? Right? Right?