No, that's not what I'm saying. It's not one or the other, these constraints don't prevent the possibility that people may leave if they don't like a service and what it does, they're an additional guard against the very worst potential abuses.
I'm not saying that because company X conforms with the (very light) regulation in place that they're to be trusted, just that I see benefit in having two forms of protection in place.
You're assuming that there is an actual net benefit to having the second form of protection. I don't think there is. It may seem like a short-term benefit if some regulator actually catches, say, Facebook in the act of misusing people's data; but the long-term effect is that people believe that they can actually trust a company with their data when they're not a paying customer (or even, beyond a certain point, when the are a paying customer). And since the long-term outcome of any regulatory scheme is regulatory capture, sooner or later FB will just be buying the regulations they want, and the so-called protection won't be there any more. Again, I refer you to the economy since 2008.
I'm not saying that because company X conforms with the (very light) regulation in place that they're to be trusted, just that I see benefit in having two forms of protection in place.