I don't think we should be making regulatory change based on whether the claims of one particular company to do one particular thing using one particular database at one particular moment were effective or not.
I think principles, such as the consent and knowability that Ben just mentioned, are protections against the possibility of that kind of misuse. If we consent regularly to the use, sharing and amalgamation of our personal data—if we have the right to that consent—and if we have the right to know how that data is being used, whether it's for psychographic profiling, for an AI-driven microtargeting campaign, or for whatever reason, that protects us and inoculates us against the potential risk of these technologies in the future, not how they were used in one moment of time by one group.