That's what the General Data Protection Regulation is all about, putting in place different mechanisms to control the digital service providers. One very similar principle is that, for example, as a data owner, I must always get an overview of how my data is used. For example, if I use Facebook, when I approach Facebook and want to know how Facebook has used my data, they have to give a total overview of how they have done it. Also, if I want some data erased, they have to do it. Also, the third principle is that companies cannot make long-lasting commitments. For example, if the company asks whether I'm willing to give power over my data to them for 10 years, then this is not legally possible. The next day I can approach the company and say that I don't want them to use my data anymore, and they have to delete it. There are several regulatory mechanisms to control them.
Also, if something happens, there are very big sanctions against the companies, up to 4% of the annual global turnover. These regulation are bringing big changes, at least in Europe, to companies that provide digital services.