(Note: Those without posting privileges to one or the other list won't be able to reply to both, as I am replying here.)
This is where it's interesting to examine examples of where it's being done. Some services, apps, SDKs, OSes, and other types of platforms do it. Some do it in response to having been caught out by the media in a problem (so, public pressure can work in some circumstances, even if there's no direct compliance pressure). As my analyst friend likes to point out, the US doesn't force dairy products to avoid rBST, but ~75% of dairy products are rBST free anyway because of consumer demand...
As you've no doubt gotten tired of my pointing out :-), the "Alice-to-Bob" delegation features in Google Apps, TripIt, and Flicker weren't put there in response to a risk management need: They were added as value-add app functionality.
Each has different reasons for doing so. I tend to choose mobile apps that let me pay in money instead of personal data, as they tend to have "superior" (from my perspective) privacy notices that are more respectful of my data (I shared one of those on these lists a while back).