I'd like it
if they just forced these companies to get prior authorization before gathering information on people it would make me happy. By prior authorization I mean a separate, standalone form that had to be filled out and signed by each person they want to track, with a requirement that the form be renewed each year. A form buried in a site access agreement that you must approve allowing unlimited, internet-wide tracking before being allowed access to that one site would be banned. I'd only be willing to sign one of these forms upon the deposit of 50,000 dollars a year to my bank account. I mean, obviously my data is valuable or they wouldn't want it so badly, right?
I could see allowing a site to make you sign a form before accessing that site ONLY if it spelled out that you would only be tracked around that one site, all tracking stops when you leave that site, and that the form spell out all conditions covered on that specific page, with the form required to be in black and white, minimum 12 point type. None of that 2 point dark grey on a slightly lighter grey legally binding text crap some sites pull.
Any company found tracking people around the internet without a signed, up to date authorization form, 5,000 dollars per instance. Any company fined more than 100,000 dollars per year, someone on the board is going to spend some time with Colonel Clink. And to make sure they are doing it right, the company must submit to regular, no-notice record audits.