Apple and Facebook have been told current privacy practices are "untenable" by the US Federal Trade Commissioner during a debate on the issue.
Speaking during a panel discussion at CES in Las Vegas which featured executives from the two firms, they and the wider technology industry were urged to take more responsibility on the issue.
US Federal Trade Commissioner Rebecca Slaughter said the number of data breaches reported in recent years proved more needed to be done.
"Just the fact that when we read the newspaper every day we see different concerning stories about privacy or security breaches means that it would be impossible to conclude that enough is being done. It wouldn't make a lot of sense to draw that conclusion," she said.
The panel discussion was the first time an Apple executive had appeared at CES in years.
Global privacy senior director Jane Horvath's appearance alongside her counterpart from Facebook came after previous public disagreements between the firms on the best approach to data privacy.
In response to Ms Slaughter, Facebook's privacy boss Erin Egan cited the social network's introduction of a privacy check-up tool as an example of how the company was working to protect its users.
However, Ms Slaughter said it was unfair that consumers were being asked to police how their data was being collected.
"Because I think that today even if consumers can walk through a privacy check-up, the amount of information that you have to process, to figure out what is happening with your data, is untenable for most people," she said.
She said even as a privacy expert, she personally "can not figure out" all the different uses of data going on across the different services she uses.
"I think it's important that we think about ways that the burden is not just placed on the consumer, but that the collectors and stewards of data have the responsibility to for example minimise what's collected, minimise what's retained and minimise how it's shared consistent with still providing the product or service that they're offering and that the consumer wants - but without creating this endless trove of data that can disappear into the ether."
Defending its own approach to the issue, Ms Horvath said: "At Apple, the way we look at privacy is to put the consumers in the driving seat. They should have control over their data. They should have choices with their data and one of the things we really focus on at Apple is privacy by design".
"The other thing that is critically important is that we have support from our executives. Tim (Cook, Apple chief executive) is incredibly committed to privacy and it flows through the company," she added.
Ms Egan said Apple's approach "completely resonates with how we approach privacy at Facebook".
She said it was important to the company that users understood how and when the company used personal data. "But we're constantly iterating because expectations are evolving."
However, the commissioner rebuked Ms Egan over her belief that user privacy on Facebook was successfully being protected today.
The Facebook executive had said the social media firm believed privacy was a "fundamental right" and that it protected the privacy of its users.
But Ms Slaughter did not agree. "I don't want to talk about specific services or products but as a general matter no, I don't think privacy is generally protected," she said.
"I think the amount of data that is collected about any individual in this room. I don't think anyone here could tell us accurately who has what data about them and how it is being used," she added.
She acknowledged that a world where no data was shared could not exist, but said a minimum level of what data is collected and used needed to be found.
Ms Slaughter added that she hoped privacy legislation would be introduced in the US by 2021.
Last year, the Federal Trade Commission fined Facebook $5 billion for privacy violations and enforced strict new oversight rules on the company.
A white paper published by the UK government in April 2019 also proposed new legislation which would impose a statutory duty of care to users on social media and internet companies, with large fines and personal liability for executives as potential punishments for breaches of the code.