This just removes the fig leaf. .. Anyone who's serious about security wouldn't rely on the ISP being on their side-- one would already be using strong encryption etc. for all communication if one were actually concerned about security.
This really is the best way to look at things.
If people want "privacy laws" then those laws shouldn't be about what's not allowed to happen; the laws need to be about what is required to happen (the goal being to encourage common sense practices, because nobody can protect your privacy for you.). Make it so that businesses and people can't access government's network services without going through a darknet, for example. Do not allow any plaintext email communication with the government. Put into "REAL ID" that the issuing authority also has to sign the identified person's key and include the fingerprint on the ID card. Don't allow government money to be spent on computers containing any software which can't be audited and maintained. And so on.
Don't make anyone protect their privacy overall, but do make it so that they have to pay lip service to common sense in any interaction with government (and then let convenience and economy of scale take it from there; lazy people will then do the right thing). Or, just don't have privacy laws since, obviously, we don't really care. Pick one or the other.