This is a question that gets right to the heart of information security, in my opinion. How much is enough? How many incidents are too many and how much usage of your data is acceptable?
That’s really going to depend on what the risks are to you, and how much risk you personally are willing to tolerate. For example, you’d probably respond differently to someone who wants to steal your data and use it for identity theft, and someone who wants to use your data to show you personalized ads. Figuring out which actions you care about is an exercise in building a threat model.
If I don’t like a company’s security practices, I try not to use it. Unfortunately, the ideal and the real sometimes don’t match - I dislike Google’s habit of siphoning all the data it can, but still have a gmail account. I like data privacy, so I try to keep sensitive information a long way from Google and Facebook; I’ll be migrating off WhatsApp (which I already used only for non-sensitive personal conversations) before the start of February.
It’s an interesting thing to consider. What’s your personal threat model? And, how much friction are you willing to put up with to mitigate the possibility of a company being breached or misusing your data?