I bet they said something like "we don't use most of that information, we just need access in case we add a new feature in the future that uses it". And then it'll come out that they've always been using it, and it's been associated with your identifying info. And then their server will be hacked (because the admin password was "meta123") and the all the info will leak. The modern internet sucks.
They tried to use the same excuse with their privacy policy for oculus. ie they can even watch the cameras if they want but they promise they won't.....
We need massive punitive fines for misusing data farming. Data leaks of health and financial information should literally put billion dollar businesses out of business for good.
If they can't manage the data they don't deserve it, full stop.