The user just does one click and milliseconds later has given up all his personal data to the site he just autoregistered for.
Only the personal data you supplied to FB in the first place. Don't give it to FB, no one else gets it either. And if it's "required", just fudge it. Can't remember if my b-day was a required, but if it was I certainly didn't give them the real one. Same for just about every other shred of info on that site: it's either inconsequential (like a "throwaway" email addy) or falsified. And to any responses that say "it's against their TOS", well then call my honeybadger, cuz I just don't give a sh*t.
I have a theory that it's impossible to prove anything, but I can't prove it.