As a fun but impractical thought-experiment, imagine the differences in a world with a rule like: "If you voluntarily share data about a customer which becomes instrumental in crime committed against that customer, the company is considered an accomplice to the crime."

It's not just telecom, the usage data of a product is naturally an asset of every company.

It's just a matter whether this data contains PI (=Personal Information) or (!) PII (=Personally Identifiable Information --> Information that can be combined with other data to create PI).

The EU GDPR (here mostly known for consent-popups on websites it seems) allows companies to keep this kind of data but requires very strict governance and user-consent if the data contains PI or PII.

And everyone who worked in a larger company at the time of enforcement saw the wonders it did. Suddenly whole departments reviewed the amount of data they collect, and found there was a huge portion of telemetry data that was actually NOT needed to preserve this asset-value (Names, Addresses, Serial numbers, etc...)