This is not true at all. It matters from both a principle standpoint and also a data availability standpoint. If I tell you that I won't sell your location info to people starting today but I was selling it in the past, how difficult do you think it would be for someone to use that past information along with current information to figure out what your favorite restaurant is or where you work?

It matters very much that a company only stops selling or tracking your info because they got caught or had a data breach. Look at Google right now. They're being sued by several states for tracking location info for people and then selling it to advertisers without those users' consent. It matters very much to me if Google is suddenly claiming that they're privacy conscious because their actions explicitly speak to the fact that they're not.

Companies don't have principles.

Meta has swung hard in the other direction. Now privacy reviews are so comprehensive that development speed is significantly hampered. Some teams say they're half as productive as they were before the privacy-first changes. Meta seriously does not want to make the same mistake again. Source: I'm an engineer at Meta.

That's good to hear but it doesn't undo the reputational damage from the past. Even if Meta says they're privacy-conscious, I already don't trust them because they were willing to exploit it for gain and recently at that.