> If it can technically be done and it is valuable in any way, it WILL be done.
Until society determines that the practice is unacceptable and outlaws it. Outlawing it won't completely eliminate the practice, of course, but it would dramatically curtail it, and provide people with an actual means of rectifying the situation when someone is breaking the law.
My point is that if something is being monetized, what makes it monetizable is the agreement between the user and the service provider.
All sorts of data is collected every day that is not monetized, but could be.
Consumers are allowing their data to be monetized by agreeing to sign up for "free" services which take an asset from the user which they do not know how to monetize themselves.
In a way the dynamic is similar to the early 20th century BP oil fields in Iran; the Persians had oil under their feet for centuries but outsiders came in and started to pump it out of the ground, making themselves rich but the general public of Iran - not so much. They didn't even know what to do with oil at first.
Once the Iranian people saw what was going on and realized that they were being exploited, they elected a leader who sought to nationalize the oil fields, since they finally began to understand what asset they had and how and why they could monetize it themselves.
The internet needs its own Mohammad Mosaddegh, so to speak. Not to commit property crimes and break contracts like Mosaddegh did - but to show the masses what is going on in a way that encourages them to change their behaviors in a fundamental way.
You don't need to make IP logging illegal to make collecting user info that's not absolutely necessary to a transaction illegal, and to make selling or using any necessarily-collected data for anything other than e.g. auditing or further service to the transaction (returns, say) also illegal. I don't know how this became about Apache logs or whatever.
[EDIT] my point is there's a ton of info being collected that goes way beyond web server logging, so I don't know how this became about why all this is impossible because server logs are a thing.
"absolutely necessary" does not mean anything. For example, tracking in banking systems has very good justifications such as fraud detection. That alone means banks have a blank check to connect tons of features about their users, and not for nefarious purposes.
[EDIT] to your EDIT point: even with server logs you could start building user tracking and if your net is large enough you can derive a massive amount of data just from that. Pattern analysis, sites/services users connect to, geolocation, etc... even without the most sophisticated tracking systems this is already good enough to build business value.
Cool. Can't sell it, can't leverage it against users (e.g. use it to select which products to try to sell them). If you're doing that on any significant scale it's gonna leave a hell of a trail and enough people will be involved that it'll be found out.
"waaaah but we need to share it with 'partners'" hahaha OK whatever, but bet you don't though. Illegal. Figure it out. Bet you can.
You forgot another vector of how companies monetize user data: using it to train ML models.
You don't need to keep the data long-term (though it would be more profitable if you could). You can still get a lot of value using the data to train an ML model, then use that model to build valuable decision-making systems, which few other companies could produce.
Oh, yeah, definitely that should also be illegal. If you want to train an ML model you should have to pay directly for that data, not in connection with any other service or product. The current system means every successful monopolist is also a de facto nigh-unassailable leader in ML, which clearly sucks. "Create or buy a massive spying service" shouldn't be a necessary step 1 to realistically competing in consumer- and human-focused ML.
I disagree, many times the very reason I gave the company my data was to leverage their ML capabilities. For example, the only reason I gave LinkedIn my data was so they could find me better jobs. No one would have bothered if it were just a glossier version of Craigslist.
Plus, banks training models for fraud detection has an obvious benefit to everyone.
I don't understand your point. If it can technically be done and it is valuable in any way, it WILL be done. No matter the justification.