If you buy stuff with credit cards, there's a trail of data.
If you use a smart phone, you're leaving a trail.
If you use a 'loyalty' card at whatever stores you shop at, there's data that can be mined. (It's not magic that the loyalty coupons you get periodically for shopping at certain stores are closely aligned with your shopping preferences...and that data can be passed along.)
My understanding is that this legislation simply levels the playing field somewhat.
I don't like this, but that's what I heard today, Mark.
ISPs will be regulated the same way as other data collectors.
They should each be required to ASK if a user will allow their data to be collected and sold, but that won't happen.