First, when you get into these arguments, always start from the viewpoint that these people do not see any worth in their data. Their convenience is worth way more than any privacy breach. That's why your goal is usually to convince them that privacy breaches can be a huge innconvenience for them, use their selfishness to advocate for their self-interest.

Quick example, what defines something that needs to be hidden changes constantly with different governments and regulatory bodies. There's no telling if your current data won't be illegal or something in the future, causing you problems. That's why it's important to have protections for your data to begin with so a future government can't just unilaterally decide to trample all over your rights.

Basically, see what they care about and try advocating from that viewpoint, not your personal viewpoint. There's a good chance you'll have a line of argument.

I find that I have more success convincing people if I put their self-interest first and foremost instead of trying to explain some grand ideology. People want something tangible, not a hazy ideal. It's only when something affects them that they may change their views.