[ajb]

That's all very well, but we just plain don't have a legal, economic, or technical system which will allow separation of the good uses from the bad uses. Once data is in someone else's possession, there's f-all way to prevent it being used to do whatever the possessor wants. Even if there is a legal agreement, it's easily abrogated, or overridden by insolvency law, or by a company having a "we can update our terms" clause. Some of this I can imagine how to address - insolvency law could be changed, for example - but in the absence of a fully robust system, promises of "we will only use your data for good" are not credible. Those who actually want to use data for good should be on the side of robust assurance of that, not just plead that they can be trusted and that no accountability is needed.

[lifeisstillgood]

It’s hard to enforce a law so we should not have the law seems a poor argument.

Let’s say we define personal data about, generated by or inferred from the actions of a natural person as owned by the society as a whole. And misuse is liable to 5% of annual turnover. It’s more or less GDPR. That seems viable - and I am sure an army of class action lawyers will be happy to help out

(Ok I need to work on a better proposal but I think this is more doable than you are allowing for)

[ajb]

I don't think we necessarily disagree. I am pessimistic about laws being effective in this case, but that doesn't mean we should not try to find ones that are. I like your idea. Thinking and trials in that direction would be good.

Data using organisations often seem to prefer fig-leaf laws that aren't effective, and lobby against ones that might be effective. "My data use is a good use, therefore I should not be subject to restrictions and oversight". Instead, anyone with a use of data which is valuable to the public should not see themselves as on the same side as the advertisers and surveillance vendors. They should see themselves as on the opposite side.