What Is Online Privacy?

Complete online privacy doesn’t exist, but there’s still plenty you can do to protect your personal data.

Online privacy is the protection of an individual’s personal information and data while using the internet. It involves safeguarding sensitive data from unauthorized access, maintaining control over information shared online, and determining what data is shared with third parties and how they can use it.

What Is Online Privacy?

Online privacy describes the protection of personal data when using the internet and online platforms, including websites, mobile apps, commercial software and IoT (Internet of Things) devices. It stands as a notion that only the user, and the parties they give permission to, should be allowed to access their personal information while traversing the web. 

While a prevalent concern in the digital age, online privacy is, in many ways, a fiction. It is nearly impossible to control what of your personal data gets collected, how it is used and who has access to it. Companies and governments around the world are taking steps to improve the situation, but it is still largely up to individuals to try to preserve their privacy online.

Every time we use the internet, we leave a trail of personal data behind — everything from our name and age, to our IP address and credit card number. And once that information is out there, it cannot be contained. It is bought, sold and traded via data brokers. It is scraped from one organization’s website by another. And sometimes it is stolen by criminal enterprises for financial gain.

“The amount of information on people has exploded,” John Gilmore, who heads research at data privacy company DeleteMe, told Built In. And it’s easier than ever for that information to move around. “People have given it to other people, who have given it to other people, who have given it to other people. So what used to be siloed information is now kind of everywhere at once.”

Why Is Online Privacy Important?

Maintaining online privacy is important primarily because it strengthens your personal security against online attacks and scams.

1. Protects Against Cyber Attacks

In 2022 alone, more than 1,800 data compromises occurred in the United States, bombarding some 422 million people (larger than the U.S. population) with malicious software, phishing scams and other cyber attacks. The problem will only continue to get worse with the expansion of artificial intelligence, which allows criminals to automate their attacks, making their jobs “easier, quicker and more effective,” according to Daniel Markuson, a digital privacy expert at data privacy company NordVPN.

Protecting your online privacy acts as a barrier against these malicious actors by reducing the amount of exploitable data available on the internet, thus making it more challenging for them to carry out their attacks successfully.

“Your digital persona is a part of you,” Adrianus Warmenhoven, a security advisory board member at NordVPN, told Built In. “So online privacy really means protecting a part of yourself.”

2. Gives Users Control Over Their Data

This need for protection extends beyond just the prevention of cyber attacks. Better online privacy can also help people maintain a sense of autonomy in an age where personal data is being collected indiscriminately by both companies and governments.

The information we share online is used to create profiles that can help retailers produce targeted ads and make product recommendations, employers vet incoming applicants, or law enforcement agencies try to solve crimes. It is also used to train those massive AI models powering text and image generators like ChatGPT and Stable Diffusion.

After all, data is a valuable commodity — hailed by some as the “new oil” of the digital economy — and some people are wary of this rampant collection and sharing of their personal information.

“It’s yours. There shouldn’t even be an argument about anything else. If you don’t want to share it, that should be enough,” Warmenhoven said. “Privacy should be about what I want to share with the world, not what I have to hide from the world.”

Common Online Privacy Threats

The things that erode online privacy come in all shapes and sizes, and their cumulative effect is substantial. Let’s examine some of the most common threats.

1. Weak, Reused Passwords

Many people use weak passwords — a birth date, a pet’s name, even the numbers “123456” (reportedly the most common password in the world). But weak passwords are one of the biggest threats to online privacy, particularly if they are reused across multiple sites and devices. It allows cyber criminals to break into multiple accounts at once and commit identity theft, financial fraud or both.

“Once it’s copied twice, that will be a red flag to anybody who is snooping. If they see it is used twice, they’ll go, ‘Well, it’s likely to be used a third time. Let’s target that person’,” Gilmore said. “The people who get hit with identity theft are the people who don’t take it seriously. They use the same passwords in multiple places.”

2. Social Media

Social media has made it easy to share virtually every aspect of our lives with each other, making it a treasure trove of personal information. All of that data is scooped up by the social media companies themselves, so they can sell it to advertisers and get a better understanding of their user base.

Cyber criminals can also scrape this information and use it to commit identity theft or financial fraud. With every post, we create a clearer picture of our life, relationships, habits and possessions, making it easier for criminals to use it against us. For example, they can carry out social engineering attacks like spear phishing, pretexting and deepfakes — all of which involve using people’s personal information to trick them into handing over more of it, like social security numbers and credit card numbers.

3. Mobile Apps

Virtually all mobile apps have access to users’ personal information, including their location, contacts and photos saved on their mobile device. Sometimes they can even tap into a device’s microphone and listen in.

According to a 2022 report published by cybersecurity company Clario, social networking, dating and transportation apps lead the way in data collection, with Facebook, Tinder, Grindr, Uber and Instagram being the most prolific. Google is the biggest offender though. Through its various apps, the tech giant collects users’ names, phone numbers, payment information, search history and even the emails they write and receive — much of which is shared with advertisers so they can create more personalized ads.

Apple and Google, which collectively control a vast majority of the apps we have on our phones, have beefed up their privacy permissions over the years. But smartphone users still have to be vigilant in monitoring and altering their apps’ permissions to what they are comfortable with.

4. IoT Devices

Lots of internet-connected devices — from smart home tech like doorbells and speakers to wearables like fitness trackers and VR headsets — listen to, record and gather data on their users. Even smart cars do it; after conducting several studies, the Mozilla Foundation found that some vehicle companies collect and sell pretty personal information, including immigration status, health history and sexual orientation.

Even if you’re comfortable with companies accessing and using that information, it’s important to remember that every device that connects to the internet is vulnerable to hackers. This is especially true of IoT devices, which often lack built-in security controls, Markuson said. “If your IoT devices are compromised, attackers could spy on your home, steal personal data, or even use them as entry points to your home network.”

Tips For Protecting Your Online Privacy

Much of our online privacy is out of our control. But there are several steps you can take to protect your data.

1. Use Strong, Unique Passwords

Every single site you use should have a unique password, and they should be changed often. That way, if a password is leaked, it isn’t useful to anyone for very long.

And while they should be long (at least 20 characters, according to Markuson), your passwords don’t need to be complicated. Warmenhoven suggests taking a line from a favorite book or song and using that. “You can easily remember it, and if you forget it just go back to the book or the song.”

You can also use a password manager to keep it all straight.

2. Delete and Opt-Out

Today, 11 states have comprehensive privacy laws stating residents have the right to access, correct and delete the personal data collected on them, as well as opt-out of any future sale or sharing of that data. So residents of California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana and Texas can exercise that right.

Even if it isn’t a protected law in your state, most companies will honor deletion and opt-out requests, according to Merry Marwig, a privacy consultant at data privacy company DataGrail. In fact, a 2023 DataGrail survey showed a 72 percent increase in total privacy requests from 2021 to 2022, more than half of which came from states that don’t have privacy laws.

“People are starting to realize the downsides of hyper personalization online — how they’re being tracked, how they’re being profiled and how their data about them is being bought, sold and shared with companies they don’t know,” Marwig told Built In. “They want to regain that control.”

If you don’t want to do all of this manually, there are several tools that can help, including Consumer Reports’ Permission Slip app, which handles users’ privacy rights requests on their behalf. You can also use DeleteMe, which helps remove users’ personal information from open source intelligence sites and other websites.

3. Stop Handing Over Personal Information

Don’t overshare on social media, and don’t give every company you do business with your contact information. If you sign up for a rewards program at your local grocery store, for example, don’t give out your personal phone number, use a Google Voice number instead. And don’t include your contact information in your email signatures, because that email will likely be shared and forwarded to inboxes belonging to people you don’t know, Gilmore said, which can then be scraped.

Once you’ve stopped sharing this information, and deleted the information companies already have, any data that’s already been breached or leaked will be useless (or at least less accurate) — making it harder for cyber criminals to attack you and companies to have a profile on you.

“All the companies that collect data need recent data to be the most effective,” Hayley Tsukayama, associate director of legislative activism at digital privacy nonprofit Electronic Frontier Foundation, told Built In. “I think there’s always a moment to just shift the balance a little bit.”

4. Use a VPN

Using a VPN (virtual private network) will encrypt your internet connection, making it harder for third parties to monitor your online activities.

You can also invest in a browser plugin called Global Privacy Control, which automatically prevents websites from tracking you.

5. Advocate for Stronger Legislation

Advocating for more and stronger privacy legislation could lead to a more top-down approach to proactively addressing the challenges of online privacy. Such regulations could establish clear standards for how data is collected, used and shared, helping to prevent data breaches, identity theft and unauthorized surveillance, while holding companies accountable for responsible data governance.

“I really do encourage people to reach out to their lawmakers at the state level,” Tsukayama said. “I think more legislators are more willing to hear it now than they ever have been.”

Indeed, although the United States does not have any sweeping privacy legislation at the federal level, a growing number of states are signing in laws of their own. In 2023 alone, eight states passed new comprehensive privacy laws. And by 2026, 13 state privacy laws will have taken into effect.

“In the next three years, 43 percent of all Americans will be covered by state privacy law, which is great,” Marwig said. “And who knows? Between now and then even more states might adopt privacy law. This is a tidal wave of change.”

To read the full article, click here.