I’m assuming you’re referring to cell phone locations. That wouldn’t apply since mobile carriers were always except from these privacy rules. If you’re talking about online activity like searches, social networks, etc., then ISPs don’t even have this data due to almost every website using HTTPS. For example, they can see that I’m connecting to Facebook but can’t see anything beyond that. They can see I’m connected to Google, but can’t see what I’ve searched for.
I’m not happy about this news but there’s a dozen or more companies that have access to the same data such as Google, Facebook and any one whose app you’ve installed. For a long time we’ve been promoting the convenience of cloud services, so it seems a bit silly to get worked up about this. People prefer convenience over privacy. Privacy will never be convenient because it runs counter to the business model of cloud services, especially free ones.
For those willing to jump through a few hoops, I suggest a VPN service. This will disrupt any data collection attempts by ISPs, and they’re very inexpensive. The website TorrentFreak did a nice review of some of the more popular ones. I use PIA.
“An individual’s data collected by these companies also does not need to be secured with ‘reasonable measures’ against hackers.”
There are no specific legally mandated computer security measures for anyone so the point is immaterial.
(random text because I’m getting a duplicate reply error)