So what is the line, then? Inadvertently sucking up people's tax return info and sending to who knows where because they get a few incentives for it is fine? What about a VoIP company sending call metadata? Or a burglar alarm company sending when you are home or not? At what point can we say 'make your money decently and don't sell customer data for a few pennies or you get made an example of'?