> The main thing I want to see is stronger privacy laws regarding transactions. There's some hope here with the EU.
There is some hope here ... that there will be new rules to ignore?
Like, how do you think such rules could ever be enforced effectively and in a way that the public can actually trust that it is being enforced effectively (to avoid chilling effects)? Plus, how do such rules prevent data leaks due to security problems?
It's like you want to build a system that is maximally vulnerable to abuses and then just declare that using those vulnerabilities is theoretically not allowed instead of using the technology that we know reliably prevents all those problems. How isn't that completely naive at best? Next we'll remove all authentication from IT systems and just make it illegal to log into systems without authorization? How well do you think that would work?
You build good systems with a combination of technical and legal measures, of course. Ban sharing of purchase data (legal measure) and also build systems so the data is encrypted with your on-card key (technical measure). It's no different from any other system. Violators need to be punished accordingly, but that's a broader failure in tech, that fines for abuse are very small.
Of course legal restrictions don't work well without technical measures, but anything privacy-related is a social problem first and foremost, so it needs legal solutions in addition to the technical ones.
> You build good systems with a combination of technical and legal measures, of course.
How is that "of course"? Not excluding one or the other a priori is one thing, but why would it be the obviously right choice to always use a combination of both?
> Ban sharing of purchase data (legal measure) and also build systems to the data is encrypted with your on-card key (technical measure).
How would that "encrypting with your on-card key" thing work?
> Of course legal restrictions don't work well without technical measures, but anything privacy-related is a social problem first and foremost, so it needs legal solutions in addition to the technical ones.
How does it follow that when you have a social problem, you need a legal solution? That seems like a complete non-sequitur to me.
> How is that "of course"? Not excluding one or the other a priori is one thing, but why would it be the obviously right choice to always use a combination of both?
I guess I've always thought of the two as complementary. You have a goal to encourage or discourage some behavior, or address a problem, so you want both technical and legal measures. You don't want cars stolen, so you make that illegal and also add anti-theft technology to the cars. You want people to pay taxes, so you also develop a system that makes declaring and paying very easy for most. You want to protect privacy, so you complement legal protections with technology that helps achieve it.
> How would that "encrypting with your on-card key" thing work?
I don't know exactly, it's not my area of expertise. My understanding is that EMV cards have a unique keypair stored on them, in which case it's not a big stretch to imagine a process that encrypts the exact record of what you bought with the card's private key, so it's a technical impossibility to decrypt without your consent.
> How does it follow that when you have a social problem, you need a legal solution? That seems like a complete non-sequitur to me.
I'm a bit baffled - it seems pretty clear to me that legal changes have been a major part of our general progress as a society, and have in most cases been part of resolving social problems. Sometimes we change the law to get to a desired solution, sometimes we change the law to enshrine an established solution. With privacy being a social problem, we need both better technology and better laws.
> I guess I've always thought of the two as complementary.
In general, sure, but in any particular case? Essentially what I said before: It's not useful to exclude one or the other a priori, but it seems perfectly sensible to end up with purely technological solutions to some problems and with purely legal solutions to some others. Or phrasing it differently: It's not useful to set the balance of technological vs. legal solutions a priori. For some problems, a 99% technological/1% legal solution might be the right balance.
> My understanding is that EMV cards have a unique keypair stored on them, in which case it's not a big stretch to imagine a process that encrypts the exact record of what you bought with the card's private key, so it's a technical impossibility to decrypt without your consent.
Well, I'm not sure that that's the case currently, but given that they are smart cards, that sure would be a possibility. But it wouldn't really help much anyway, because that (a) doesn't hide who paid how much when to which vendor, which is already a huge privacy risk and (b) cannot prevent collusion between vendors and banks. The vendor knows what they sold you in that transaction, there is no real way to force them to forget that. And also, if it's a card handed to you by your bank, how do you know they don't know the key? The only way to reliably enforce privacy there is to make the payment anonymous the way cash does.
Of course, one could maybe build something like digital cash, but that would probably look closer to bitcoin than to credit cards or bank transfers.
The point here is: It's not helpful to just say "solve this with crypto" if you can't really explain how crypto would actually solve the problem while sort-of dismissing the actual technological solution to the problem: cash.
> I'm a bit baffled - it seems pretty clear to me that legal changes have been a major part of our general progress as a society,
Well, yeah, sure!?
> and have in most cases been part resolving social problems.
Have they? That seems questionable to me, and also pretty difficult to even quantify. And also, it doesn't really get you to your claim anyway if it's just "most cases", does it?
> Sometimes we change the law to get to a desired solution, sometimes we change the law to enshrine an established solution.
And sometimes neither of those because technology simply makes the problem disappear?
I mean, I don't have any objection to legal solutions to problems, I just don't see how it makes sense to say a priori that legal measures must be a part of the solution to some problem, instead of looking at the effectiveness of various approaches and choose a good approach based on that. If legal rules regarding personal data are basically unenforceable and we have strong evidence that the ones we already have are constantly being ignored, then maybe the technical solution of using a payment system that doesn't give anyone even the chance to collect personal data to abuse is the effective solution? Why should we prefer a (more) legal solution when all the evidence suggests that it doesn't work?
I guess another way to look at this is to consider that legal solutions without some sort of technological foundation can actually not work for anything. What I mean by that is: Writing down a bunch of rules alone does not solve any problems. Only when there is some structure that ensures that those rules are actually being followed does a legal solution become effective. Which thus also means that if you make rules where it is impossible in practice to ensure that they are being followed, you do not actually have a solution at all.