First, there's a desire for a high bar as it relates to the construct of anonymizing, and “generally accepted best practices”, as it relates to the obligation for anonymizing, is seen by many to be a high bar.
Second, I think there is a desire for consistency of application of the construct, which is why “generally accepted best practices” ensures there are standardized approaches, as opposed to a potential patchwork or highly diverse attempts at trying to get to the anonymization of information that may introduce other vulnerabilities because people are doing it very differently.