[beAbU]

But that's not the same? The online retailer is /giving/ my address to the courier. Without it the retailer nor the courier will be able to give me the service/product I'm paying for.

I think it's perfectly fine to make ‐reselling‐ of personal data blanket illegal. Since it's my data, I might have consented to giving the data to someone for some purpose. However, they absolutely have no implied consent that they can sell that data to someone else, no matter what their EULA says. If they want to sell it, then I need to get a dividend of that sale revenue, since it's my data.

This is not a physical good that's changing owners. It will always be irrevocably linked to /me/. That's what makes it valuable. So the owner of that data will forever and always be me, no matter who "bought" it. Exactly the same way that buying a digital game does not make me an owner of that copy, but merely the owner of a perpetual-yet-revokable license to play the game on my sanctioned console.

[GuB-42]

So, take any service that connects buyers to sellers: eBay, Craigslist, AirBnB, realtors, etc... They are essentially in the business of trading personal data, so that the buyer and seller can get in contact and complete the transaction. It is even more obvious in dating sites/apps.

...but that's not the same you might say. That's right, but how do you put that into law? You need actual rules, "don't be evil" is not enough. There are hundreds of cases where sharing personal data is "right" and expected, and hundreds of cases where it is "wrong". You want to allow the "right" usage and ban the "wrong" usage. And then you have lobbies trying to explain why they are on the right side and their opponents are on the wrong side, and then you will have lawyers who are really good at finding loopholes, and in the end, what you get is something like GDPR with all its complexities. You can't really escape it.

[pessimizer]

These examples are no good. It's unnecessary to put into law that if someone explicitly hires you to share particular information with some set of people, you're allowed to. You're not only allowed to, you're required to, because that's the business arrangement you've made.

You're making an "it's all so complicated" argument, but not pointing out any actual occasion in which it might be complicated.

> There are hundreds of cases where sharing personal data is "right" and expected, and hundreds of cases where it is "wrong".

This is as close to a direct citation of the law of averages that I've seen in a long time.

> And then you have lobbies trying to explain why they are on the right side and their opponents are on the wrong side,

"Everybody is going to complain anyway..."

> lawyers who are really good at finding loopholes

The problem is lobbyists that are very good at adding loopholes.

> in the end, what you get is something like GDPR with all its complexities. You can't really escape it.

When you want to pass a law limiting what companies can do with data without the user's consent, but don't really want to limit what companies are doing in any way, you end up with weird, baroque definitions of data and consent.

If you're never willing to risk profits, or to make certain businesses completely unsustainable, then every regulation must come accompanied with either a trivial method for large enough companies to ignore it, or must be paired with a completely unrelated regulatory giveaway.