Most of this is already restricted under GDPR, or at least is not advisable given the potential fines that couple be imposed for a leak. Other parts of the GDPR which should help are blatantly ignored (e.g. privacy popups that are checked by default), so if the US were to implement similar legislation it would be a big win for privacy.