Yes, absolutely. I'll quickly say a couple of things.
Companies need to collect personal information to conduct their business; that's normal. When they share that information with other entities, they would create non-identifiable datasets. Ensuring that this is done properly, plus the overlay of transparency and ethics reviews, provides a good governance model so that whoever gets the data has constraints or guardrails on what they can do with it.
That model is good when it's put in place. It works well in practice. We just need to make sure that it's put in place.