Everywhere there is a choice. If, for instance, you don't want Facebook to have your data, don't use Facebook and block their domains using an adblocker to prevent leakage via cookies on sites that have their JS running.

The folly is that EU regulators have duped people into believing that they can read and even participate in free-as-in-beer social media sites without any of 'their data' ever being held by anyone else. And that the information of what a person did on a single site on a given day is "personal data" even if it isn't ever tied to your identity or ever used to do anything but try to show that browser a more relevant ad.

The root cause of both the general public's discomfort and the overcollection of data is the ad-supported model itself. The EU punted on that hard problem and instead wastes everyone's time trying to pretend the ad-supported models can function with 100% personal data control.

Things elsewhere are bad, but the EU is worse because it lies to people about the efficacy of its regulations and the whole apparatus only exist to make lawmakers and lobbyists a justification for their existence.

Let's stop pretending that the EU has done anything more than political theater.

> What do you suggest instead?

Break apart any company that has more than 150 employees (by employee, also count individuals working more than 50% of the time to the same company): https://news.ycombinator.com/item?id=31317641