[Judgmentality]

Someone else proposed what I consider a very reasonable solution. Just make whatever data they have 100% transparent, and you as the user can choose to offer less (or more) at any point in time. This should be regulated similar to HIPAA with serious penalties for any violations, because it absolutely is about avoiding privacy violations.

And if you as the user want to share no data at all, you should have that option. This is the company's problem, not the customer's problem - or at least that's the world I want to live in.

And obviously don't hide anything behind dark patterns, and all the other common sense gotchas. Violations should be treated as criminal fraud with prison time (assuming they are found guilty in a court of law, and proving criminal fraud is notoriously difficult but the threat needs to be real).