The license is only for protection of user personal data - names, dob, address, id documents data, credit card data etc, and not, say, how many upvotes you have on HN. The vast majority of sites and software do not need to store any of this data. And the vast majority of code that is written has nothing to do with user personal data.

The larger legal change has to happen is

1. Do not store user personal data if you don't have to (EU already has laws about it)

2. If you store user personal data, you have to guarantee up front that it is stored and processed in a safe way (what I am suggesting). Of course, exception can be made for sites/software with small number of users, or give some time bound leeway, so startups can grow before having to hire a licensed engineer.