[sillystuff]

To have a material impact on the violators, we need the ambulance chaser lawyer equivalents for class action lawsuits to see $$$. The individual victim will receive less than a successful small claims suit, but a few $K paid out to sufficiently motivated individuals in small claims is effectively $0 to these companies. A few class action awards of millions to 10s of millions each, will at least show up on their balance sheets. I suspect it will still not be enough (we will soon know since other states' recently passed privacy laws which provide for private action).

What we really need to do is outlaw data collection and "sharing". If the service being provided does not require the company to know e.g., your location data (and has not received an explicit opt-in [for that single specific data type to be collected] that auto expires in n months), there should be massive GDPR style fines if the company is found to have collected location data. Unlikely to happen (in the US) as authoritarians in law enforcement and their supporters love to use private companies to do an end-run around 4th amendment protections that would make the data they are buying illegal, if they had collected it themselves.

I'd love to hear someone with expertise in the law opine on whether a pro-privacy DA could use existing laws like anti-stalking laws to prosecute these companies and their execs-- I'm thinking of the way RICO laws have been used so creatively over the last few decades.