The problem the USA has is that it has no concept of "private data" outside of some part of HIPAA.
Until that changes you're going to be stuck.
Something as simple as the Data Protection Act 1998 (https://en.wikipedia.org/wiki/Data_Protection_Act_1998) would kneecap a lot of the shady shit that goes on in the USA.