I agree with what you say. The difference is that you consider a provider your adversary when it comes to the task of that control and I consider a GDPR-respecting company to be my partner in that attempt (yes, I know who Snowden is) to control [what kind of things about yourself you would like to expose].
