> These seem like randomly chosen generic grievances, not examples of companies making promises in their privacy policy (or similar) and breaking them. Am I missing some connection?

My point is that whenever we send our data to a third party, we can assume it could be abused, either unintentionally (by a hack, mistake etc.) or intentionally, because these companies are corrupted to the core and have a very relaxed attitude to obeying the law in general as these random examples show.