Personally identifying data should be protected and regulated like hazardous material. Even with the owner's consent, there should be guidelines regarding how the data is stored and used. For example, if you donate your blood, transferring ownership outright, the hospital still can't do anything they want with it. Blood is blood, and the clinic (for ethical and public safety reasons) can't dump it in the back parking lot, sell it, or use it in a human cloning project. In the same way, data is a tangible thing that can be potentially abused through misuse in ways that affect not only the individual but society in general. I reject the notion that because it digital and because it's on the internet, then it's somehow outside the domain of common law.
"Do Not Seek To Follow In The Footsteps Of The Wise. Seek What They Sought." - Matsuo Basho