The Internet will likely go down in history as one of those inventions that fundamentally changed life, similar to the creation of the wheel and the combustion engine, as well as radar and the printing press. However, along with the Internet came a paradigm shift about how people’s privacy now needs to be protected, or not. And most notably, people themselves make the decision every day about how that privacy is made available online.
When the Internet was first created, it was first a military system and then an academic research network. Users were able to engage with it freely without providing much more than a login through their particular ISP entry point. However, decades later, particularly after the World Wide Web and then broadband access became commonplace, the Internet has asked for much, much more information from users, and users have been giving that data willingly in exchange for access.
The first big step in tracking people and their behavior online was the creation of cookies. A cookie is a small text file that gets deposited on the user’s computer when connected to the Web. As the user’s web browser travels from site to site, those websites can call on the local file and look at its information. Ideally, this is to help users see their preferences faster, but it also becomes a library of information users make available to websites with their interaction. Just about every major website today tries to plant a cookie or interact with them on a user’s computer. Those who are aware block cookies, but it also can mean some websites won’t work as well.
The next big step started in the late 1990s with the explosion of social media. Sites like MySpace, then Facebook, then Twitter and many more, offered easy channels for self-promotion, but they also leveraged and data-mined user information and re-sold it to other users. Search engines did the same, which also became powerful marketing research tools. In every case, the user had the power to choose to use the tool or not, but when they used it, the user’s identity and preferences were tracked. Today, the great majority of search and social tools trade powerful access for personal information and behavior data online automatically and have to be manually blocked or turned off.
The next big tool became mobile devices, which also became widespread in the 2000s. These tools tracked both data use as well as user’s locations, expanding the value of the data captured even more. Again, users can in many cases turn off the data capture, but not always. And many times, apps and even the phone providers track users’ data automatically anyways.
Now, in 2021, the biggest problem is loss of privacy for the purposes of cybercrime. Multiple attacks are made daily to grab users’ data for the purposes of identity theft. It’s big business and growing. And more devices, such as Internet of Things or IOT devices, are increasing the risks.
Legally, most Internet privacy laws have only come into being in the last few years. There is no comprehensive law about data capture, including private information, and privacy grabs happen with everything from cookies to adware to digital profile farming. The 1986 Electronic Communications Act provided the first digital privacy protection rule, but it was not until 1999 that the Financial Services Modernization act started to protect personal data like financial records and tax IDs. Another decade later, 2012 saw the Children’s Online Privacy Protection Act, specific to minors’ data, and the 2016 General Data Protection Regulation in Europe forced the first serious privacy protections online. However, California leads the world so far with its 2018 California Consumer Privacy Act, the first real law passed to actively hold companies accountable for privacy loss. This law, however, only applies in that state. What comes next depends on Congress, other states and the rest of the world.