First Amazon and Google. Then Apple and Microsoft. And now Facebook. At this point, it seems easier to list tech companies that haven’t been caught eavesdropping on their customers — through smart speakers, Skype, Facebook Messenger and more. The five companies named could affect more than 3 billion users.

In case it’s not already clear, let me spell it out: Big Tech will violate your privacy until they’re caught red-handed — and then do it again.

I don’t know what I find more disappointing: that these companies are caught misusing consumer data — or that the general public no longer seems outraged by it. We seem to have become apathetic about such intrusions, having gone from “How could they do this?” to “Oh, they did it again?”

Perhaps it’s because we read about a major data breach every other week. Or it could be because we have normalized the idea of tech companies selling your data to advertisers: If a service is free of charge to the user, of course the user is the product. But while it’s true that targeted advertising pays for many of these services, it’s a leap to say we should accept being spied on.

So what should you do about it? Danah Boyd, the founder of the Data & Society Research Institute, put it best when she said that our information is “public by default, private through effort.” The greatest threat isn’t that tech companies will continue collecting and misusing our data, though they will. It’s that we will become passive, accept it as the new normal, and do nothing about it.

If the companies cannot refrain from abusing our data, then the onus is on users to protect themselves. We don’t share our ATM personal identification numbers because we don’t want others to know our financial history. We have curtains and blinds because we don’t want people looking into our homes. Why should it be different when it comes to our online data and privacy?

Maybe it’s because for most people, the effort — to change how they search, shop, connect with others, and consume content — is just too great.

So start small: Check your privacy settings, turn off microphones and cameras on your apps and devices when they’re not in use, and do the same for the less tech-savvy people in your life. These are the first steps toward a true digital privacy reckoning.

Let’s not be tricked into thinking the problem is too deeply entrenched for individuals to solve. We should all speak up as citizens to demand legislation that protects consumer privacy. Push for laws that give individuals, not Big Tech, ownership and control of data.

Make it mandatory for companies to get opt-in consent before collecting, storing or using any customer data. Mandate clear and simple terms of service that consumers can actually read and understand. (A study by my company showed that over 80% of Americans don’t read the terms of service. That needs to change.) Make sure consumers can find out what data companies have gathered about them, how they got it, what they did with it, and with whom they have shared it.

If we throw our hands up in despair, the tech giants will have succeeded in fundamentally undermining our right to privacy. Starting somewhere small is better than doing nothing at all. The future truly becomes bleak only when we stop wanting to take control of our data.

I am reminded of the arguments made in the 1990s against the “Do Not Call” list. Consumers were annoyed by the proliferation of intrusive calls to their homes, but telemarketers argued that they gave them opportunities to hear about great deals and products. Once the regulation passed, though, people signed up for the list in droves. It became obvious that industry malpractice could be fixed with consumer action and a little help from lawmakers.

If we push for strong consumer data protections today, I believe we can have similar hopes for the future of privacy.

Harold Li is a vice president of the online security company ExpressVPN.