Welcome to world of completely distributed spying capability.
The global civilian system is by its nature impossible to protect as it must work with no end of legacy software and flaws. So do not use it for truly critical material. Otherwise push for open access to everything.
After all who cares if you bought an item last week when that makes you one of ten thousand. And just who is going to look at your data unless they already know you are a real person of interest? Such as a USA government employee connected to known Deep State problems.
Otherwise all that activity disappears into an ocean of unconnected data. One can traverse the entire Sahara desert without identifying a significant track. But point out such a track and you are on the hunt.
Consider that the NSA had all data for the past several years and NO ONE LOOKED because it is almost impossible unless you have a target.