If you missed the news about Russian-owned FaceApp going viral, you’ve probably been vacationing on the coast of a dust pond on the dark side of the moon. It highlights the general lack of privacy laws out there, and may herald the start of meaningful legislation.

FaceApp allows users to tap into the power of artificial intelligence to see what they might look like with a perfect Hollywood smile, different hair, no hair, facial hair, or, alternately, as a much older version of themselves. The app essentially offers a rogue’s gallery of oneself, making it good fodder for social media sharing, and probably much harder to enter witness protection.

While the ability to hide out in South Dakota or South Jersey may not be foremost among the concerns of most FaceApp users, neither apparently is being hacked.

The locust-like media coverage of FaceApp spurred widespread day-after anxiety about how user images might be repurposed, and fake versions of the app laced with malware. Somehow the same fear isn’t daily in the minds of social media users, who waive many of the rights grabbed by the makers of FaceApp.

Consider that in the event user photos might fall into the hands of a hacker–state-sponsored or freelance, bad things could happen. The same problem holds true for Facebook and FaceApp users alike. That very same image (or images) proffered for fun on the user side and profit on the corporate side, could be legally (or illegally) repurposed by the company that lawfully acquired it. We live in an information Wild West. As of today, in most of America we neither know, nor have the right to know how our data is being used.

There Ought to Be A Law

While many were alarmed by the specter of Russia owning pictures of them and the privacy implications that went with that set of affairs, the bigger picture got lost in the scramble.

With FaceApp, the terms of use freaked everyone out. Sen. Chuck Schumer wrote an impassioned letter about it. Others–many others–cried foul. But here’s the thing: those terms of service were not terribly dissimilar from the terms applied by most big tech companies. The fact is, no one is protected.

As far as facial recognition goes, Snapchat and Instagram have FaceApp beat. Those two apps have far more information about user faces, and they are operating in a low regulatory oversight environment. They are in fact breaking laws that will be written in the years to come. Big Tech is to privacy what cigarettes were to healthy lungs and hearts before 1970 when the Surgeon General’s warning became mandatory.

Forget “Don’t Be Evil,” Don’t Be Creepy!

Still don’t think regulations are lacking? Google was recently out on the street offering random people $5 to be photographed. The pictures were being collected to help the company perfect 3D imaging and facial recognition. This will not be allowed to happen for five dollars or five hundred dollars in five years without full disclosure about the transaction and full consent.

Until these fast and loose practices are illegal, consumers should insist that such encroachments stop, and use their clicks and downloads (or more to the point the withholding of them) to change untoward uses of user data.

A citizen’s face is private information, and the collection of it for the purposes of identifying them and placing them here, there or anywhere–something done regularly in the Yuigar regions of China today to control that ethnic group–should not be deemed acceptable in a country like the United States, which is governed by a Constitution that doesn’t condone such encroachments.

Two Steps Forward, One Back

Facebook reached a $5 billion settlement for misrepresenting the way it handles user privacy, the SEC fined the company $100 million for misleading investors about the risks associated with the misuse of user information, and, still later in the day, Facebook admitted that it was the target of an FTC anti-trust investigation. Oh yeah, then came second quarter results, which exceeded expectations. All this in one day.

The settlement required that Facebook create new roles at the company to oversee privacy and police it, and that the company set about creating a more transparent environment for the information that the company collects, and how it’s used. The $5 billion fine was specifically for misleading users regarding their control over the ways Facebook used their data.

The settlement was met with a general outcry, with many experts saying it was toothless. With $56 billion in revenue, the fine is absorbable, and the new strictures in no way proscribe the way Facebook collects and sells user information. In other words, it signaled business as usual for the time being.

“The F.T.C. is sending the message that wealthy executives and massive corporations can rampantly violate Americans’ privacy and lie about how our personal information is used and abused and get off with no meaningful consequences,” Sen. Ron Wyden said.

The anti-trust investigation is not really news. It has been speculated for some time that the FTC was looking into the possibility that Facebook used its muscle to squash competition, news of an investigation may signal a more intense phase of regulatory action regarding the way big tech uses, and, by implication, abuses consumer information.

The bottom line is everything here. Right now, it is robust. Companies are making a killing using consumer information to mint money. The time for this Forty-Niner mentality is drawing to a close. So, if you are starting a company now, it might be a good time to join the handful of entrepreneurial pioneers who are now making money by protecting consumer privacy. The boom days of data strip mining are coming to a close.