I think there are some pretty large differences in scale between "buying ads to target people with specific attributes and saving the situations where they interact with your ad" and "enabling any application to view all of the information about any friend who has connected with the app user".
I wouldn't argue that micro-targeting can't end up with very specific privacy concerns, but I don't think it's nearly the same scale as "you should probably assume that if you signed up to enable the Graph API on Facebook all information about you prior to 2015 is available to people you probably don't trust".
It’s a different scale only in the timeframe of a single campaign. 3P trackers have an *ongoing central vantage over many campaigns, giving them data which they accumulate and sell to each other, causing leaked “private” data to accrete and spread in essentially a viral fashion.
The resulting dataset over even short periods (< 1 yr) time is comparable to a total datadump, including an accurate social graph. A “very specific pivacy concern” it is not.
I wouldn't argue that micro-targeting can't end up with very specific privacy concerns, but I don't think it's nearly the same scale as "you should probably assume that if you signed up to enable the Graph API on Facebook all information about you prior to 2015 is available to people you probably don't trust".