I'm not even remotely-interested unless there is legislation that creates civil-liability and criminal penalties for abuse or mishandling of the data.

Also, companies shouldn't be able to refuse service just because the prospective customer's biometric data was leaked/stolen/duplicated in the past. I mean, when you think about it that's some Twilight Zone or Black Mirror territory.

Since when has that stopped companies from mishandling of data? :)