Your personal data is YOURS! Your name, address, and all the rest, is YOUR responsibility. Years ago the banks, using this logic went to our congress and requested that they enact legislation that, using this logic, made the banks not responsible for any personal data they might be holding. The congress, in its infinite wisdom took it one step further and said that if the owner of such personal data, gives said data to anybody (banks, hospitals, credit card companies, etc) then, should anything happen it would be the responsibility of the OWNERS of said data to fix the problem.
As far as I know, to this day, they are still using that same logic when anything bad happens.
Facebook sold your personal data? Tough, you gave it to them and they certainly are not responsible. Bank gets hacked, somebody steals all your data - not their fault, you gave it to them. When equifax got hacked and millions of personal records stolen it turns out that the reason was that Equifax actually had little or no security on the records, this seems to be the truth a LOT of the time. Why would they? They are not responsible because OUR congress said so!
I know, lots of suits moving through the courts. There is a history for these kinds of suits and the record, for the so-called personal owners of the personal records are not exactly winning the big bucks and this is the problem. Its kinda like money in politics, that isn't about the money so much as two older decisions that said that "speech is money and money is speech" (this one, I think was in 1978) and "corporations are single human beings".