This, exactly this. A big part of what got us into this mess is that data is very very cheap to collect, store and process with modern computing. And there is basically no other cost or downside to dealing with the data. This has led to a gold rush where every company became obsessed with data, thinking that any piece of data was valuable and could be monetized eventually.

If however there were strict liabilities for data leaks or privacy breaches, businesses would collect just the bare minimum data and get rid of it as soon as it is not strictly needed.