So what is the solution? In the absence of effective enforcement, do we have to resign ourselves? Or can we force the industry and its practices to change?
We can use tools that protect us (secure software, anti-tracking software...) and educate practitioners about privacy enhancing technologies and privacy engineering in general.
But there isn't any technological solution to the arms-race of offense and defense.
We need strong regulation, and effective enforcement as well.
It seems a pretty sad world to me. The sole fact that we are talking about offense and defense is harsh. An individual needs his fundamental rights to be respected, and at the same time, a service provider needs data to pursue improve his product. We should consider both to hope for a balance. IMHO, the problem with today's solutions is that the individual is set out of the equation because data are "considered" anonymous. We take for granted something that may at least deserve more attention.
By promoting consent as a first-class citizen, we can reposition the individual at the center again.
But there isn't any technological solution to the arms-race of offense and defense.
We need strong regulation, and effective enforcement as well.