Only you have an interest in maintaining your privacy
Privacy Requires Work
Most Internet technology is not designed to protect the privacy of those who use it; in fact, most technology providers make money by leveraging your private information. “Privacy policies” are generally written to protect those providers from lawsuits, not to protect users’ privacy. Laws and regulations cover only certain aspects of privacy and vary from place to place — and enforcement is even more varied. So, like it or not, your privacy is your own responsibility, and requires your constant attention.
Our Advice
Encourage policymakers to develop comprehensive privacy regulations, educate yourself and others, and take proactive steps to protect your privacy.
How It Works:
Privacy is not built into the architecture of the Internet. Until recently, few engineers and computer scientists considered the consequences for users’ privacy when designing communication or information-retrieval technology; in effect, privacy has been an “add-on” to existing systems. It has generally been seen as an optional add-on in computer science and IT degree programs as well; few colleges offer a full course on privacy. Consistent standards or best practices for data privacy are few, and have not been widely adopted across the industry.
Privacy tends to be eroded if it is not actively maintained, because others benefit more when you share more data. The default privacy settings for most apps and services are the settings that provide the least privacy, and the fine print of privacy policies often allows providers to collect and share any data they can about you — and to change what they are doing without notifying you. (See: Search Is Improving.) In other words, just because a company has a “privacy policy” doesn’t mean that policy has anything in it to protect you! Information is repurposed regularly; there is little to nothing to prevent companies from taking information they told you they wanted for one purpose, for example to verify your identity, and using it for another purpose, like to target advertising, or even selling it. Furthermore, whatever it says in an app’s or website’s privacy policy doesn’t necessarily reflect what data is actually being collected and what is done with it, because the lawyers who write the policies and the engineers who implement the app or site often don’t even talk to each other.
Laws about use and collection of personal data vary from place to place — even within the U.S., different states have different laws — and it’s not always clear whose law applies. (See: Information Is Valuable.) These laws and regulations tend to apply only to narrow areas (e.g., phone call logs) or particular audiences (e.g., children under 13). There is an ongoing debate about more comprehensive regulation, but meanwhile, the collection of data from online activities is mostly regulated in the U.S. by laws written in 1986. In addition, there is little systematic monitoring of whether companies are actually abiding by the law; enforcement rarely happens unless someone files a complaint or brings a lawsuit.
Finally, while your family and friends may generally have your best interests at heart, they are also often the most likely to undermine your control of your privacy (see: You Can’t Escape).
What Could Happen? Real-World Stories:
What You Can Do About It:
Get the Facts:
- Educate yourself about existing laws and policies on what kinds of personal information can be tracked, shared with third parties, or made public. But also keep in mind that not everyone follows the law!
- Continue to educate yourself about privacy tools and principles, and share what you learn with your friends and family.
Communicate About Preferences:
- Contact policymakers and regulators and encourage them to:
- Educate themselves about online privacy issues (for example, via our website!); and
- Develop comprehensive regulations to limit the repurposing of user data, and to increase transparency and consumer control over providers’ sharing of user data with third parties (other companies or government agencies).
- Check your privacy status with companies and institutions like banks and medical providers, and pay attention to their mail and email about privacy; if you don’t respond, they may share your information by default.
Choose What You Use:
- Think through your preferences for how websites, apps, and services share your data, including:
- How much data they collect and record about you (including personal/contact information, posts, and metadata);
- How they use the data; and
- Whether and under what circumstances they share the data with third parties;
- …and choose sites, apps, and services whose privacy policies are in line with those preferences. (Read the policies if you can, or use a quick reference guide if you can’t.) But also remember that companies don’t always abide by their posted policies; be prepared for leaks.
- Only give out as much personal information as is actually necessary to get the service you want, for example when entering information in online forms or allowing apps or services to access your data (such as location and contacts).
- Delete online accounts you’re not using any more and take down content that’s no longer needed. (But also, see: Sharing Releases Control!)
Customize the Technology:
- Check your privacy settings on your mobile apps, computer software, and online accounts, and “opt out” of anything you don’t want to share.
Use Your Imagination:
- When you’re posting or sending email, ask yourself what might happen if the contents were made known to your family, friends, acquaintances, employer, or the government.
How to Better Control Your Privacy — Guides:
Where to Learn More — Related Resources and Educational Tools:
What Do You Think? Discussion Questions:
- How many times have you clicked a box saying you agree to an app or website’s Privacy Policy, Terms of Service, and/or End User License Agreement? How many of those times had you actually read the document you were agreeing to?
- What do you think is in all those privacy policies you’ve agreed to?
- What is the purpose of a privacy policy for an online app or website?
- Do you have to be a computer scientist to understand online privacy?
- What is “personally identifiable information”, and who decides what counts?
- What kinds of information are app providers, telecommunications providers, and companies you do business with allowed to gather about you? What kinds of information are they allowed to share about you, and who are they allowed to share it with?
- Who decides what kind of information providers can gather and share about you?
- Are companies and institutions (like schools or government agencies) required to keep information about you secret? What happens if they don’t?
- If someone in the U.S. uses an app produced by a company in Nepal, which country’s laws govern what can be done with the user’s personal data and posts?
- Does your school or employer have to get your permission to read your email? Does the government have to get your permission? How about the email-service provider?
- Who benefits from your data staying private? Is there any benefit to a provider in not sharing your data?
- Why do Facebook and similar services “require” you to use your real name? What happens if you don’t?