I really don't know what to tell you. You're literally calling for universities to either break the law or not worry so much about following it, and calling people who do want to be careful about following the law "incompentent and useless".
If you don't see how extreme that is, and how much society would break down if everyone started thinking laws were optional and ought to be ignored when they prevent you from accomplishing your "mission", I just don't know what to tell you.
Quite the contrary: society very obviously runs because people ignore policies and laws constantly. That's why following all laws exactly is considered a protest or subversion strategy: malicious compliance.
Like the entire AI industry could only work by completely ignoring copyright law. Basically no software could be written if developers were concientious enough to check for and avoid patents first. Tradesmen ignore safety policies. Doctors ignore limits on hours. People do work on their homes with no permits.
Part of being an adult is exactly knowing which rules are important and which you ignore.
Individuals can choose which laws to ignore, like when they jaywalk.
Corporations, universities, etc. are very different. They create policies which are documented and which their employees are required to follow. They engage in risk analysis.
"Part of being an adult" has nothing whatsoever to do with the laws and regulations that apply to organizations. You're making a severe category error.
It's not "sheer laziness". I can almost guarantee you that Instructure would prefer to e-mail the grade itself, and probably had the code working somewhere before feedback from universities told them to remove it.
There are absolutely cases where sending an e-mail to the wrong person is a violation of FERPA. Can you guarantee that your software will never be configured to accidentally e-mail someone besides the student? That no administrator will ever accidentally set up the wrong e-mail address? Because you're not sure if you can make that guarantee, it's legally safer to restrict it to the actual LMS login.
Yes, I have written software that would email a student information that was in scope for FERPA.
It’s rather simple to restrict sending email to @student.uni.edu and then further force their email to match the username and email address that is synced from the SIS.
How much FERPA compliant software have you written?
