Individuals can do things that increase or decrease how easy it is to publish their data, but the digital economy is designed to capture our data. Blaming users is like blaming a victim for getting kidnapped.
Which is not to say that civil society organizations have it easy – there’s no practical way to track the full range of commercially available applications, their data policies, or the number of ways they could collect or lose control of data and cause harm. Civil society organizations may understand how dangerous their situation is, but that doesn’t mean they can monitor the entire market.
The knee-jerk reaction is to push for government regulation or human rights. While we should always work toward better laws, there are a lot of flaws to putting all our eggs in that basket. The law isn’t good at classifying data or risk, regulators have limited jurisdictions, and courts are terrible at adjudicating these kinds of cases.
Even worse, the 2018 World Justice Report declared “a crisis for human rights,” after showing that rule of law and human rights systems are weakening in 2/3 of the countries measured. When it comes to data capture – the law isn’t particularly effective, and where it is, it’s good at punishing the criminal, not saving the victim.
The good news, is that like protecting yourself from kidnapping, there aren’t perfect answers, but there’s a lot of little things we can do that, together, make a big difference. We don’t need international treaties to write better procurement contracts, we don’t need government interdiction to have workplace policies, and we don’t need commercial regulation to negotiate privacy policies that do more than boilerplate terms of service.