Banks have many safeguard to protect clients for example PCI DSS. On the other hand as far as I know this is a law requiring them to verify people and I don’t think there is a standard for this. Every company will do its own thing. Highy regulated would require them to have some standard, and I don’t see that.
Banks are highly regulated so it is not surprising that they would be strict in this, reddit on the other hand has no business doing it.
It is not just that, I don’t trust Persona security, if a malicious actor installed a silent program that monitors users and sends it to a command and control center they probably won’t know for months or even years. Cyber security is very bad in most companies.
An example for highly regulated for me would be a periodic audit to insure security and compliance with security control. This law is honestly dangerous in regards to privacy and endangers miners not help them. There no safety guards whatsoever.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5208739
You are correct that this law is dangerous regardless lf implementation though.