Is there a legal standard anywhere for assessing damages for privacy violations? The EU?
How about the cost of being made whole - eliminating this data from everywhere. Does that sound difficult or expensive? Maybe you should be more careful when handling people's data. Businesses handling explosives are usually very careful, for example.
i can give them proforma that i can give them my personal info for like 1B and then they can choose if they want it or not, but if they steal it, obviously they choose to get something with price tag of 1B and i want my money
like the BOM for iphone in china is $150 but if i steal it from a shop i am charged 2K not 150.
I can argue that they did not lose 2K but only $150 because that is the cost of materials but the court is taking the final price tag, not the materials cost.
Same should be with PI data. The price tag for giving out my real home address is that, take it or leave it. (Or steal it and they pay the price).
That should be the fair thing to do. Free economy, you may sell your data for $50, other for $200, some may ask for a million, etc. It is the seller who decide the price, not the buyer.
Otherwise we can go back to the movie piracy and I say: ok, i shared 1000 copyes, 0.01 cent each = here's ten bucks and have a nice day because I choose the price, not you.
This is the current problem with the web business model and terms of services.
Greedy (money gamified) execs hire deceiving lawyers to cover what they actually do with data about you as they monetize it. When you buy a product, it becomes clear over time whether it was worth it. When you get a service for free but you are the product, you never quite know what you paid and are actively misled about it.
I've seen enough sausage made that I know this is, lets say, "not just a Google problem."