Hence, the GDPR's making a distinction between data essential for operation of the basic service vs. more broad collection.
I take your point that some level of this power exists, necessarily, within internet-based companies with online users.
But I think there's a big difference between, say, signing up to Grindr where you submit a basic form with limited information (and presumably) can retain some minimal anonymity in how you use the app --- and a system whereby the history of all your actions across your online life (banking, social media, dating apps, etc.) is collectable by a centralised agency.
With laws like GDPR, broad datasets have become a liability for companies like telecoms, banks, etc. They don't want it. Accidentally forming 'rich user profiles' based on non-annoymous data is a legal liability.
This is exactly the incentive structure needed. Rather than have companies with an existential profit motive to build mass surveillance systems.
As far as whether a relational database that takes user data from a form is different to a whole system of streaming live event databases with massive streams of user monitoring across websites --- well, I think it wouldnt be hard to write a law against the latter.
These are political, moral, legal and technical distinctions that can be drawn.
I take your point that some level of this power exists, necessarily, within internet-based companies with online users.
But I think there's a big difference between, say, signing up to Grindr where you submit a basic form with limited information (and presumably) can retain some minimal anonymity in how you use the app --- and a system whereby the history of all your actions across your online life (banking, social media, dating apps, etc.) is collectable by a centralised agency.
With laws like GDPR, broad datasets have become a liability for companies like telecoms, banks, etc. They don't want it. Accidentally forming 'rich user profiles' based on non-annoymous data is a legal liability.
This is exactly the incentive structure needed. Rather than have companies with an existential profit motive to build mass surveillance systems.
As far as whether a relational database that takes user data from a form is different to a whole system of streaming live event databases with massive streams of user monitoring across websites --- well, I think it wouldnt be hard to write a law against the latter.
These are political, moral, legal and technical distinctions that can be drawn.