I would hope so as well, but doubt it: if the user consents to their communications being MITM’d by the browser, basically, then I’m not sure there’s currently a legal basis for forbidding that behavior. Many sites/applications accessed by the browsing user may have terms that forbid that kind of data sharing though.

Gross. Terminate TOSs. We all need legal agents: perhaps they would (technically) time-travel back to when these kinds of intrusions began and retroactively disaggregate the prolonged and massive data theft from human beings' individual choicemaking efforts.