Comment by 6r17

I mean that there is a big difference between a state automatically providing your data to any other state while having "their database disconnected" - and a human operator in the loop and an administrative verification of the appropriate access ;

For example this would allow a state to refuse access to the PI of their citizens for cases that are not administratively documented. This forces the access audit sufficiently that a malign actor cannot simply request data for a citizen without having probable cause ; another vector we want to protect ourselves against is simply the psycho/sociopaths that have access to these data without surveillance.