I have the complete opposite view. Companies provably can't be trusted on anything touching privacy, and individuals don't have any power to act on it. Governmental oversight and bureaucracy is the only tool that works for a problem like this.
It's a proven, efficient, and universally approved way to already enforce food, fire, travel safety and so on. It's only logical that privacy safety follows the same steps. GDPR seems to be a good approach for it, just pending on widespread enforcement of the rogue entities that aren't yet following the law.
But privacy isn't like food, fire or travel safety. Even assuming absolute cynicism it isn't very exploitable for them to use it for bad purposes.
I liken the difference between actors to a housecat and a large dog with a lamb. The cat at worst could give some scratches but at worst would probably just annoy the lamb jumping into its wool and kneading it. The dog ideally would look after tbe lamb but could also inflict serious bites or even rip out its throat if it wants. Both may want the meat but only one has the ability to kill it to get what it wants. When it comes to unknowns as the lamb I would go with the cat as opposed to the dog out of sheer distrust.
First, there's the historic precedent of collected information eventually making it into the wrong hands. The Preussian "pink lists" are a classic example, but essentially everything that ended up as PRISM can be taken as a more modern example.
And yes, putting power into government hands so regulate the collection of that data, and then arguing that it's dangerous because of the government might seem a bit contradictory. It's not in my mind. These types of legislation are supposed to disincentivize the collection by private entities after all. Government and intelligence services are (too) close but they are distinct.
And then there's the very real [1] ([2] if you want it more juicy) possibility of corporations targeting individuals for one reason or another directly. Here in the west, this sort of thing would result in your Uber becoming more expensive or unavailable, but imagine being a government critic (or activist against e.g. organized crime) in Brazil right now. All that data going god-knows-where, with the express intent of the collectors to sell it to anynone? Not a great outlook.
I think your allegory falls short: the government isn't in this scenario collecting the data, but rather reining in the data collection of private entities. The end result is less data collected instead of the same data in different hands.
It's a proven, efficient, and universally approved way to already enforce food, fire, travel safety and so on. It's only logical that privacy safety follows the same steps. GDPR seems to be a good approach for it, just pending on widespread enforcement of the rogue entities that aren't yet following the law.