It is really scary as a PIMO trying to wake my husband. They already have enough info on me from different sources. I'm pretty sure I've donated back in the day at watchtower.borg, and I know I did it on jw.borg up till a few years ago.
One way they could use it in the cong is to notice when your donations go down, and start shepherding. Of course, it would be all so very clandestine probably with the 'shepherds' getting word that your on-line self is becoming spiritually weak, and not knowing your donations went down. That would be for some other group of people. But maybe I am wrong and they couldn't do that?
If they sold the data it would be one of their corporations that the flock are not familiar with doing the selling. Or for that matter, that even most exjws are not familiar with. Then of course, there would need to be some tricky wording in the Data Form to be able to do that legally. Wait, these scumbags are the Kings of tricky wording.
Some Europeans on here were justifiably complaining about data protection here in the U.S. Even though I know very little it reminded me of my thought every time I get a data privacy notice or have to sign one to get something. I think: 'this is just covering their butt for when all data is stolen'. It is the opposite of a protection policy, it is a reminder to me that they have some of my data and I signed off that if it gets stolen I was aware that it could happen. I'm sure this is not exactly how it works, but that's my thoughts.
Since the U.S. sucks at data protection, imagine wt supposedly protecting data! They are way more incompetent than the U.S. gov. I think people would also get their identity stolen and never know it was WT that allowed it to be stolen.