Only you have an interest in maintaining your privacy

Privacy Requires Work

Most Internet technology is not designed to protect the privacy of those who use it; in fact, most technology providers make money by leveraging your private information. “Privacy policies” are generally written to protect those providers from lawsuits, not to protect users’ privacy. Laws and regulations cover only certain aspects of privacy and vary from place to place — and enforcement is even more varied. So, like it or not, your privacy is your own responsibility, and requires your constant attention.

Our Advice

Encourage policymakers to develop comprehensive privacy regulations, educate yourself and others, and take proactive steps to protect your privacy.

How It Works:

Privacy is not built into the architecture of the Internet. Until recently, few engineers and computer scientists considered the consequences for users’ privacy when designing communication or information-retrieval technology; in effect, privacy has been an “add-on” to existing systems. It has generally been seen as an optional add-on in computer science and IT degree programs as well; few colleges offer a full course on privacy. Consistent standards or best practices for data privacy are few, and have not been widely adopted across the industry.

Privacy tends to be eroded if it is not actively maintained, because others benefit more when you share more data. The default privacy settings for most apps and services are the settings that provide the least privacy, and the fine print of privacy policies often allows providers to collect and share any data they can about you — and to change what they are doing without notifying you. (See: Search Is Improving.) In other words, just because a company has a “privacy policy” doesn’t mean that policy has anything in it to protect you! Information is repurposed regularly; there is little to nothing to prevent companies from taking information they told you they wanted for one purpose, for example to verify your identity, and using it for another purpose, like to target advertising, or even selling it. Furthermore, whatever it says in an app’s or website’s privacy policy doesn’t necessarily reflect what data is actually being collected and what is done with it, because the lawyers who write the policies and the engineers who implement the app or site often don’t even talk to each other.

Laws about use and collection of personal data vary from place to place — even within the U.S., different states have different laws — and it’s not always clear whose law applies. (See: Information Is Valuable.) These laws and regulations tend to apply only to narrow areas (e.g., phone call logs) or particular audiences (e.g., children under 13). There is an ongoing debate about more comprehensive regulation, but meanwhile, the collection of data from online activities is mostly regulated in the U.S. by laws written in 1986. In addition, there is little systematic monitoring of whether companies are actually abiding by the law; enforcement rarely happens unless someone files a complaint or brings a lawsuit.

Finally, while your family and friends may generally have your best interests at heart, they are also often the most likely to undermine your control of your privacy (see: You Can’t Escape).

What Could Happen? Real-World Stories:

You Can’t Sue Family Over Unwanted Facebook Photos, Says Judge

Families Struggle to Delete Loved Ones’ Online Presence After Death

Judge Throws Out New York ‘Revenge Porn’ Case

Fitbit Users Are Unwittingly Sharing Details of Their Sex Lives With the World

Blippy Users’ Credit Card Numbers Found on Google

What You Can Do About It:

Get the Facts:

  • Educate yourself about existing laws and policies on what kinds of personal information can be tracked, shared with third parties, or made public. But also keep in mind that not everyone follows the law!
  • Continue to educate yourself about privacy tools and principles, and share what you learn with your friends and family.

Communicate About Preferences:

  • Contact policymakers and regulators and encourage them to:
    • Educate themselves about online privacy issues (for example, via our website!); and
    • Develop comprehensive regulations to limit the repurposing of user data, and to increase transparency and consumer control over providers’ sharing of user data with third parties (other companies or government agencies).
  • Check your privacy status with companies and institutions like banks and medical providers, and pay attention to their mail and email about privacy; if you don’t respond, they may share your information by default.

Choose What You Use:

  • Think through your preferences for how websites, apps, and services share your data, including:
    • How much data they collect and record about you (including personal/contact information, posts, and metadata);
    • How they use the data; and
    • Whether and under what circumstances they share the data with third parties;
  • …and choose sites, apps, and services whose privacy policies are in line with those preferences. (Read the policies if you can, or use a quick reference guide if you can’t.) But also remember that companies don’t always abide by their posted policies; be prepared for leaks.
  • Only give out as much personal information as is actually necessary to get the service you want, for example when entering information in online forms or allowing apps or services to access your data (such as location and contacts).
  • Delete online accounts you’re not using any more and take down content that’s no longer needed. (But also, see: Sharing Releases Control!)

Customize the Technology:

  • Check your privacy settings on your mobile apps, computer software, and online accounts, and “opt out” of anything you don’t want to share.

Use Your Imagination:

  • When you’re posting or sending email, ask yourself what might happen if the contents were made known to your family, friends, acquaintances, employer, or the government.

How to Better Control Your Privacy — Guides:

Five Ways to Reduce Identity Tracking Online

Maneja tu privacidad en Facebook

Facebook 101: Setting Your Privacy

Four Privacy Settings You Should Enable in iOS 7 (for Apple devices)

New iPhone or iPad? Change These iOS 8 Privacy Settings Immediately

Where to Learn More — Related Resources and Educational Tools:

What They Know — Kids

Ratings of how much personal data is tracked by websites for children and teens

Terms of Service; Didn’t Read

Ratings of websites’ privacy policies

Your Privacy Online: How to Protect Your Online Privacy

An overview of basic protection principles, for college students

Hot on Your Trail: Privacy, Your Data, and Who Has Access to It

A video about what kind of information is tracked and who is tracking it

State Laws Related to Internet Privacy

An overview of laws across the U.S., from the National Conference of State Legislatures


Track new changes to Terms of Service/Privacy Policies for popular websites

Fordham CLIP Volunteer Privacy Educators Program Curriculum

A set of middle-school online-privacy lesson plans from Fordham Law School

The Privacy Game

An educational online game from OpenLearn

DuckDuckGo’s Guide

Use some of these tools and plugins to reduce browser tracking by websites

What Do You Think? Discussion Questions:

  1. How many times have you clicked a box saying you agree to an app or website’s Privacy Policy, Terms of Service, and/or End User License Agreement? How many of those times had you actually read the document you were agreeing to?
  2. What do you think is in all those privacy policies you’ve agreed to?
  3. What is the purpose of a privacy policy for an online app or website?
  4. Do you have to be a computer scientist to understand online privacy?
  5. What is “personally identifiable information”, and who decides what counts?
  6. What kinds of information are app providers, telecommunications providers, and companies you do business with allowed to gather about you? What kinds of information are they allowed to share about you, and who are they allowed to share it with?
  7. Who decides what kind of information providers can gather and share about you?
  8. Are companies and institutions (like schools or government agencies) required to keep information about you secret? What happens if they don’t?
  9. If someone in the U.S. uses an app produced by a company in Nepal, which country’s laws govern what can be done with the user’s personal data and posts?
  10. Does your school or employer have to get your permission to read your email? Does the government have to get your permission? How about the email-service provider?
  11. Who benefits from your data staying private? Is there any benefit to a provider in not sharing your data?
  12. Why do Facebook and similar services “require” you to use your real name? What happens if you don’t?

What People Are Saying — News, Commentary, and Research:

Developing a Framework for Understanding Online Privacy

Can the Government Regulate Internet Privacy? Sends User Information to Third Parties, Violating Its Own Privacy Policy

No U.S. Action, So States Move on Privacy Law

Can the Law Keep Up With Technology?

Americans Will Never Have the Right to Be Forgotten

Modernizing the Electronic Communications Privacy Act (ECPA)

EU Court Backs ‘Right to Be Forgotten’: Google Must Amend Results on Request

State Steps Up Enforcement of Digital Privacy Protections

The NSA’s War Against Encryption

With Power of Facial Recognition and High-Tech Surveillance, Where to Draw the Line Between Safety and Spying?

Blown to Bits, Ch. 2 – Naked in the Sunlight: Privacy Lost, Privacy Abandoned

Our New Resources for Teachers: "Privacy Requires Work"