The default settings on Facebook allow for ad-targeting, unrestricted monitoring of app and browsing activity, and public access to your friend list and your profile (The Lily): Journalist Staci D. Kramer set up a new Facebook account to test the privacy settings. She was shocked to discover that, by default, Facebook allows for: public access to friend lists and profiles, ad-targeting, and unrestricted monitoring of app and browsing activity. Though all of this is legal because it is included in the terms and conditions of service, many users often skip over this section and are unaware of how much information they are giving up.

Privacy tends to slip away if it is not actively maintained, because others benefit more when you share more data. The default privacy settings for most apps and online services are those that provide the least privacy. Privacy policies often allow providers to collect and share any data they can about you — and without notifying you. In other words, just because a company has a “privacy policy” doesn’t mean that policy has anything in it to protect you! Information is repurposed regularly. There is little to prevent companies from asking for information for one purpose, for example to verify your address, and using it for another purpose, like for targeted advertising of particular products.

Choose What You Use:

• Think through your preferences for how websites, apps, and services share your data, including:
  • How much data they collect and save about you (including personal/contact information, posts, and metadata);
  • How they use the data; and
  • Whether and under what circumstances they share the data with third parties;
• …and choose sites, apps, and services whose privacy policies are in line with those preferences. But also remember that companies don’t always abide by their posted policies; be prepared for leaks.

Use Your Imagination:

• When you are posting or sending an email, text, or online message, consider what might happen if the contents were made public to your family, friends, acquaintances, employer, or the government.

Forty-seven states have weak or nonexistent consumer data privacy laws (security.org): There are only three states (California, Nevada, Maine) where lawmakers have managed to approve legislation that guarantees residents some degree of control over their personal data online or, at the very least, puts regulations on the ways private companies can use collected personal data. Furthermore, the U.S. is one of only a few countries that still lacks a blanket data protection law at the federal level. As Emily Mancini, communications director for New York State Sen. Kevin Thomas (D), puts it, “It’s like the wild wild west for businesses and consumers alike.”

Privacy is not built into the architecture of the Internet. Until recently, few engineers and computer scientists considered the consequences for users’ privacy when designing technology; generally, privacy has been an “add-on” after systems are already built. Consistent standards or best practices for data privacy are limited, and have not been widely adopted across the industry.

Laws about use and collection of personal data vary from place to place — even within the U.S., different states have different laws — and it’s not always clear whose law applies. These laws and regulations tend to apply only to narrow areas (e.g. phone call logs or only some types of medical information) or particular audiences (e.g. children under 13 are more protected than older adults). In addition, there is little systematic monitoring; enforcement rarely happens unless someone files a complaint or brings a lawsuit.

Get the Facts:

• Educate yourself about existing laws and policies on what kinds of personal information can be tracked, shared with third parties, or made public. But also keep in mind that not everyone follows the law.
• Continue to educate yourself about privacy tools and principles, and share what you learn with your friends and family.

Communicate About Preferences:

• Contact policymakers and regulators and encourage them to:
  • Educate themselves about online privacy issues (for example, via our website!); and
  • Develop stronger regulations to limit sharing of user data, and to increase transparency and control over providers’ sharing data with third parties such as other companies or government agencies.

Online presences are hard to remove from online sites, which causes loved ones and family to suffer (ABC News): Hackers have found ways to reset passwords and security questions of dead users. These hackers use this new identity to send out spam messages. The brunt of responsibility for proving the account is hacked falls on the loved ones who must undergo the hassle of finding and faxing death certificates to the right departments, leading to unnecessary emotional turmoil.

When you share your data, it is not just you who may be affected. By sharing information about a loved one, for example, by posting a photo of a grandchild on a social media site, you risk exposing their private data. On the flip side, family and friends may inadvertently contribute to the accumulation of your data, for the same reasons. It is up to you to ensure that your data is secure, and to encourage others to respect your privacy and not share your information on the Internet.

Communicate About Preferences:

• Get consent from others before sharing information about them, for example, from your friend you took a photo of.
• Talk to your friends and family members who use social media about your preferences if you don’t want them to post about you, or only want them to post certain types of information. (But realize they might still do it anyway!)

Use Your Imagination:

• Assume that your family members and close friends are sharing information about you.

Get the Facts:

• Search for yourself regularly to see what others can find out about you.