(no title)

1) Do you have to repeat consent every time the ToS or another policy changes?

2) What about repeating consent every time there is a feature change?

3) Should your consent remain after controversial events involving security (FB using 2FA phone #'s for ads; data breaches like Equifax)?

4) What about internal company changes like leadership changes at the executive level?

Unlike consent involving intimacy, there is no big red line where it clearly becomes non-consensual. You can technically delete all of the data, but no one has built something that does that and is trusted. There isn't a right-to-be-forgotten law in every country, so archiving sites can still retain this information anyway.

Plus, it could always be on some flash drive that a malicious employee passed to other companies. Large companies like Facebook have pockets where people can essentially operate with impunity or oversight for periods of time. The core issue here is that consent to one site proxies affirmative consent to share your information out to other sites.

As a hypothetical, would you give consent to Facebook knowing that they will then share all of that information with anyone who asks (every site, every 3-letter agency, every stranger from anywhere in the world who likes your bikini pictures)?

What if they say they won't share that information, but they do anyway? Tech companies move too fast for law to keep up, and once the information is duplicated to multiple parties, it's almost impossible to track down every copy with certainty.