The problem is the the private sector keeps expanding the amount of data it wants to collect. The other day a store clerk demanded ID from me to buy cough medicine - not the kind you can get high from, just generic honey+lemon flavor powdered acetaminophen (I think the branded version is Theraflu). When challenged the clerk said they can't sell it to people under 18. I'm nearly 50. There's no legal requirement for this in my state, I checked.
If you turn it into a battle, you will be fighting that battle with every single organization that you will ever do business with. You are not going to win any meaningful number of them. Since some of these organizations are monopolies, or duopolies, you can't meaningfully make a choice to opt out, short of becoming a cave hermit.
If you do want to fight, fight the problem at its root - whether or not third party data should be accessed by LEOs through a warrant[1], how it can be shared with other organizations, and what purposes it can be used for. The (much-reviled on HN) GDPR happens to go a long way to address the latter two points...
This requires legislature, not grand-standing about cherrypicked examples. But for various reasons, the hacker community is very much against using legislature to solve these global problems, so it sticks to grand-standing. [2]
[1] As I've mentioned before, centuries of western legal precedent believe the answer to this is 'Of course, how is this even a question?' I don't think that's going to change in my lifetime.
[2] Consider your own example - do you think it's more productive for you to boycott the clerk that wouldn't sell you cough medicine, or to try to change the rules for what requires, and what does not require ID?
This requirement for ID only began recently; I purchased the same product some months ago with no ID. They're probably expanding the amount of data they collect in advance of the new (GDPR-inspired) privacy laws that go into effect here next month.
You're not telling me anything I don't already know, but I think you're overlooking the asymmetrical problems wherein it's far easier for corporations to collect data (even with these regulatory requirements) than for individuals to maintain even basic privacy.
