One thing that needs sorting out...
Is your privacy when a company is holding your data.
If someone somewhere agrees that we all have privacy over own own stuff we want kept private (a foregone, you'd think but govt's don't like that stuff) then...
The law should extend to organisations holding data you have provided and indicated you want kept private. e.g. Facebook profiles (hide from search, visible to friends, e.g. authorised people, only). So it should enforce that privacy except that the Met/whomever don't need a warrant to ransack your FB data (in they same way as they would your house), they only need to ask FB's tech people to 'co-operate with an investigation' which they likely will.
So one aspect of the problem is the enforcement of privacy (or lack of by people in power who decide that might inconvenience them). Your so-called 'privacy' rights should be extended to all dimensions of your life if any at all. Which means the ICO needs to tell companies that they do NOT own your data, they merely store it on your behalf. Which then means they need to mandate they store UK peoples' data (for example) in a UK jurisdiction so it can be enforced and that they never 'extradite' the data to storage in jurisdictions with weaker rules.
Can't see that coming into being any time soon, can you?