Furthermore, they've actually got a more direct and much more persistent motivation to exploit your personal information for all its worth.
In general the conventional narratives on personal security are completely backwards. If some drive by attacker gets your credit card or social security number and uses them to defraud someone else, your rights are well represented by the system and you have plenty of recourse. Whereas if some commercial surveillance advanced persistent threat gets your personal data accompanied by a boolean field in their database saying that you agreed to "terms" saying they can abuse it however they want, there is literally nothing you can do to stop them in the US. Furthermore the underground lists of CC/SSN your semi-private information made it into will eventually be considered stale and forgotten about, while corporate surveillance databases are forever.
That's a straw man. And financial surveillance companies certainly do aim to use your personal information to extract as much value from you as possible - selling you crap you don't need today, higher insurance rates tomorrow, and so on.
Sure, I guess technically there are some narrowly-scoped abuses you do have the means to stop, so my "abuse it however they want" bites off too much (like for example they can't legally use your address to show up at your house and murder you either). But for the most part no, you have very little say in what is done with your personal information once other parties have a copy of it.
In general the conventional narratives on personal security are completely backwards. If some drive by attacker gets your credit card or social security number and uses them to defraud someone else, your rights are well represented by the system and you have plenty of recourse. Whereas if some commercial surveillance advanced persistent threat gets your personal data accompanied by a boolean field in their database saying that you agreed to "terms" saying they can abuse it however they want, there is literally nothing you can do to stop them in the US. Furthermore the underground lists of CC/SSN your semi-private information made it into will eventually be considered stale and forgotten about, while corporate surveillance databases are forever.