In a perfect world, consumers and employees would have complete control of any data that is specifically about them. They could choose who gets it and how it can be used. Crucially, they would have constant access to a list of where and how their data is being used, and they could edit it at whim.
But you might have noticed that we don't live in a perfect world.
Various privacy advocates have sought such user privacy controls, with European telecom giant Orange being the latest to champion the idea. Beyond the calls for action, little has actually happened. This will be hard for many of you to believe, but the company that has come closest to delivering a tool that could give users more control over their data was Google, which tends to view privacy the way Superman views Kryptonite. Rest assured, though, the release of that tool to the public was unintended and Google quickly shut it down. Perhaps when Google saw the Electronic Frontier Foundation applaud the tool, the company realized that it had accidentally served up something that was Google poison.
The question of whether such privacy controls would be good or bad for business and society is complicated. Used properly and respectfully, personally identifiable information (known as PII, in IT's acronym-loving way) can truly help companies deliver far better services. Amazon is perhaps the best example of a company that loves to leverage PII while being disciplined and restrained enough to (usually) not be obnoxious about it.
As for consumers, unless they really understand at a fairly sophisticated level how their information is to be used, most of them are not in a position to make the decisions about their own data that best serve their own interests.
As it turns out, though, the practical realities of IT spare us from having to make these decisions at a "what is best for society" level. That's because the only privacy call that can pragmatically work is to refuse from the get-go to let a company collect any of your personal data. The reason is that, once data is in a system, it really can't be removed -- at least not completely. It's as if the data has entered a Mobile IT Roach Motel: Data can check in, but it can never check out. (If you recognize the tagline from those iconic Roach Motel ads of the late 1970s, you can watch one on YouTube. But I should note that roaches don't seem to have it as bad as data: There is evidence that some German cockroaches have developed an aversion to glucose, which is used as bait in the traps, and are passing this trait on to their offspring. Yeah, I think it's safe to conclude that cockroaches will indeed outlive humans.)