AFAIK UK CRB checks can only be done (a) by a particular state authority or (b) with the written consent of the subject. So, I repeat, if you say there are (presumably US) sites that will permit checks as stated on a UK person, please specify the site you used. I know some UK subjects whose details I can use to test your theory.

There are I think two big points in this.

What the US apparently does in invading privacy is specifically permitted by US law as against non-US-citizens, and what is more, in ways that are prohibited in the subject's jurisdiction. This is why various European jurisdictions are "demanding" that the US do this or that. The use of the word "demand" tickled my funnybone - if the US refuses what are the European governments going to do, send a gunboat?

Secondly, the amount of data to be sifted required automation according to pretty specific criteria - and most of us are not going as things stand at present are not going to get flagged up by present automated criteria. But a government hostile to democratic process could very easily change what was sorted for so as to detect attempts at democratic opposition