I propose focusing on the worst part: information collection on a massive scale. Even if it is not used right now by a spy. They can use what is collected at this moment against you at any point in the future.
This is fair, but hard to define. If you necessarily store data as part of providing a service, but don't use that data for (example) ad targeting, is that a problem? That's a service that cannot exist without data collection (examples being cloud storage), and a service that is valuable to users. Should we avoid services because of what they could do in the future?
Things like the DMA are addressing this well I think. The DMA aims to prevent sharing of data for things the user did not opt in to, that are outside of the product remit. So a hypothetical cloud storage provider could not use that data for ad targeting without getting an opt in from the user, but the user can still use the storage service.
Things like the DMA are addressing this well I think. The DMA aims to prevent sharing of data for things the user did not opt in to, that are outside of the product remit. So a hypothetical cloud storage provider could not use that data for ad targeting without getting an opt in from the user, but the user can still use the storage service.