I think the strongest point is about the mismatch between the product and the mitigation. You can't optimize every surface for "one more minute" and then point to a dismissible time-limit popup as evidence that the user is in control
If these systems ever become good enough to be useful, the privacy and consent questions need to be treated as core engineering requirements, not as a policy afterthought