Online privacy is the protection of an individual’s personal information and data while using the internet. It involves safeguarding sensitive data from unauthorized access, maintaining control over information shared online and determining what data is shared with third parties and how they can use it.
What Is Online Privacy?
Online privacy, also known as digital privacy or internet privacy, refers to your ability to protect and control your personal information while online.
What Is Online Privacy?
Online privacy describes the protection of personal data when using the internet and online platforms, including websites, mobile apps, commercial software and Internet of Things (IoT) devices. According to the General Data Protection Regulation (GDPR), personal data is “any information” that is related to an “identified or identifiable natural person.” Besides someone’s name and location, other identifiers like one’s phone number, credit card and license plate information are included under this definition.
A central principle of online privacy is that a user should be able to decide which parties can access their personal information while they traverse the web. In reality, it is nearly impossible to control what personal data gets collected, how it is used and who has access to it. Companies and governments are taking steps to improve the situation, but it is still largely up to individuals to preserve their privacy online.
Every time we use the internet, we leave a trail of personal data behind — everything from our name and age to our IP address and credit card number. Once that information is out there, it is bought, sold and traded via data brokers; scraped from one organization’s website by another; and sometimes even stolen by criminal enterprises for financial gain.
“The amount of information on people has exploded,” John Gilmore, who heads research at data privacy company DeleteMe, told Built In. And it’s easier than ever for that information to move around. “People have given it to other people, who have given it to other people, who have given it to other people. So what used to be siloed information is now kind of everywhere at once.”
Why Is Online Privacy Important?
Maintaining online privacy is important primarily because it strengthens your personal security against online attacks and scams.
Protects Against Cyber Attacks
In 2023 alone, more than 3,200 data compromises occurred in the United States, impacting some 353 million people (larger than the U.S. population) with malicious software, phishing scams and other cyber attacks. The problem will only continue to get worse with the expansion of artificial intelligence, which allows criminals to automate their attacks, making their jobs “easier, quicker and more effective,” according to Daniel Markuson, a digital privacy expert at data privacy company NordVPN.
Protecting your online privacy acts as a barrier against these malicious actors by reducing the amount of exploitable data available on the internet, making it more challenging for them to carry out their attacks successfully.
“Your digital persona is a part of you,” Adrianus Warmenhoven, a security advisory board member at NordVPN, told Built In. “So online privacy really means protecting a part of yourself.”
Gives Users Control Over Their Data
This need for protection extends beyond just the prevention of cyber attacks. Better online privacy can also help people maintain a sense of autonomy in an age where personal data is being collected indiscriminately by both companies and governments.
The information we share online is used to create profiles that can help retailers develop targeted ads and product recommendations, employers vet incoming applicants and law enforcement agencies solve crimes. It is also used to train massive AI models powering text and image generators like ChatGPT and Stable Diffusion.
After all, data is a valuable commodity — hailed by some as the “new oil” of the digital economy — and some people are wary of their personal information being collected and shared.
“It’s yours. There shouldn’t even be an argument about anything else. If you don’t want to share it, that should be enough,” Warmenhoven said. “Privacy should be about what I want to share with the world, not what I have to hide from the world.”
Common Online Privacy Threats
The things that erode online privacy come in all shapes and sizes, and their cumulative effect is substantial. Let’s examine some of the most common threats.
1. Weak, Reused Passwords
Many people use weak passwords — a birth date, a pet’s name, even the numbers “123456” (reportedly the most common password in the world). But weak passwords are one of the biggest threats to online privacy, particularly when reused across multiple sites and devices.
“Once it’s copied twice, that will be a red flag to anybody who is snooping. If they see it is used twice, they’ll go, ‘Well, it’s likely to be used a third time. Let’s target that person’,” Gilmore said. “The people who get hit with identity theft are the people who don’t take it seriously. They use the same passwords in multiple places.”
2. Social Media
Social media has made it easy to share virtually every aspect of our lives, making it a treasure trove of personal information. All of that data is scooped up by social media companies, which sell it to advertisers that want to get a better understanding of their user base.
Cybercriminals can also scrape this information and use it to commit identity theft or financial fraud. With every post, we create a clearer picture of our life, relationships, habits and possessions, making it easier for criminals to use it against us. For example, they can carry out social engineering attacks like spear phishing, pretexting and deepfakes — all of which involve using people’s personal information to trick them into handing over more of it, like social security and credit card numbers.
3. Mobile Apps
Virtually all mobile apps have access to users’ personal information, including their location, contacts and photos saved on their mobile device. Sometimes they can even tap into a device’s microphone and listen in.
According to a 2023 Surfshark report, shopping and food delivery apps like Wish and DoorDash collect the most data, while Facebook and Instagram rank among the worst apps for privacy. Google is the biggest offender, though. The tech giant collects users’ names, phone numbers, payment information, search history and even sent and received emails — much of which is shared with advertisers so they can create more personalized ads.
Apple and Google, which collectively control a vast majority of the apps we have on our phones, have beefed up their privacy permissions over the years. But smartphone users still have to be vigilant in monitoring and altering their apps’ permissions.
4. IoT Devices
From smart home tech like doorbells and speakers to wearables like fitness trackers and VR headsets, lots of internet-connected devices gather user data. Even smart cars do it — after conducting several studies, the Mozilla Foundation found that some vehicle companies collect and sell highly sensitive information, including immigration status, health history and sexual orientation.
Even if you’re comfortable with companies accessing and using that information, it’s important to remember that every device that connects to the internet is vulnerable to hackers. This is especially true of IoT devices, which often lack built-in security controls, Markuson said. “If your IoT devices are compromised, attackers could spy on your home, steal personal data or even use them as entry points to your home network.”
Tips for Protecting Your Online Privacy
Many aspects of online privacy are out of our control, but there are steps you can take to protect your data.
1. Use Strong, Unique Passwords
Every single site you use should have a unique password that you change often. That way, if a password is leaked, it isn’t useful to anyone for very long. And while they should be long (at least 20 characters, according to Markuson), your passwords don’t need to be complicated. Warmenhoven suggests taking a line from a favorite book or song and using that. “You can easily remember it, and if you forget it just go back to the book or the song.”
You can also use a password manager to keep it all straight.
2. Submit Delete and Opt-Out Requests
Today, 20 states have comprehensive privacy laws stating residents have the right to access, correct and delete the personal data collected on them, as well as opt out of any future sale or sharing of that data.
Even if it isn’t a protected law in your state, most companies will honor deletion and opt-out requests, according to Merry Marwig, a privacy consultant at data privacy company DataGrail. In fact, a 2024 DataGrail survey showed a 246 percent increase in total privacy requests from 2021 to 2023, about a third of which came from U.S. states that don’t have privacy laws.
“People are starting to realize the downsides of hyper-personalization online — how they’re being tracked, how they’re being profiled and how their data about them is being bought, sold and shared with companies they don’t know,” Marwig told Built In. “They want to regain that control.”
If you don’t want to do all of this manually, there are several tools that can help, including Consumer Reports’ Permission Slip app, which handles users’ privacy rights requests on their behalf. You can also use DeleteMe, which helps remove users’ personal information from open-source intelligence sites and other websites.
3. Stop Handing Over Personal Information
Don’t overshare on social media, and don’t give every company you do business with your contact information. For example, use a Google Voice number instead of your personal phone number when signing up for a rewards program at your local grocery store. And don’t include your contact information in email signatures, because that email will likely be forwarded to inboxes belonging to people you don’t know, Gilmore said, which can then be scraped.
Once you’ve stopped sharing this information and deleted the information companies already have, any data that’s already been breached or leaked will be useless (or at least less accurate) — making it harder for cybercriminals to attack you and companies to have a profile on you.
“All the companies that collect data need recent data to be the most effective,” Hayley Tsukayama, associate director of legislative activism at digital privacy nonprofit Electronic Frontier Foundation, told Built In. “I think there’s always a moment to just shift the balance a little bit.”
4. Use a VPN
A virtual private network (VPN) encrypts your internet connection, making it harder for third parties to monitor your online activities. You can also invest in a browser plugin called Global Privacy Control, which automatically prevents websites from tracking you.
5. Update Privacy Settings for Different Platforms
Sites like Google, Facebook, Instagram and X all have settings that allow users to regulate what data gets collected about them. Be sure to adjust these permissions on any platforms you frequent. In addition, modify your privacy settings on social media platforms to limit the amount of information that can be publicly viewed on your accounts.
6. Remove Unnecessary and Vulnerable Apps
Many mobile apps are notorious for tracking user activity, with Facebook and Instagram being named the least privacy-sensitive apps. Remove any apps that you hardly, if ever, use to reduce the number of apps collecting data on your in- and off-app activity. As for apps that score poorly in online privacy but are still popular, consider removing them temporarily when not using them to limit their ability to track your data.
7. Install Antivirus Software and Other Security Features
Equip computers, phones and other personal devices with antivirus software to catch any privacy-based attacks and detect potential threats ahead of time. Other security measures like firewalls can further limit access to computer networks, ensuring only authorized people can view sensitive data.
8. Advocate for Stronger Online Privacy Legislation
Advocating for stronger privacy legislation could lead to a more top-down approach to proactively addressing the challenges of online privacy. Such regulations could establish clear standards for how data is collected, used and shared, helping to prevent data breaches, identity theft and unauthorized surveillance, while holding companies accountable for responsible data governance.
“I really do encourage people to reach out to their lawmakers at the state level,” Tsukayama said. “I think more legislators are more willing to hear it now than they ever have been.”
Although the U.S. does not have any sweeping privacy legislation at the federal level, a growing number of states are signing laws of their own. In 2023 alone, eight states passed new comprehensive privacy laws. And by 2026, 13 state privacy laws will have taken effect.
“In the next three years, 43 percent of all Americans will be covered by state privacy law, which is great,” Marwig said. “And who knows? Between now and then even more states might adopt privacy law. This is a tidal wave of change.”
Frequently Asked Questions
What is online privacy?
Online privacy refers to a person’s ability to protect and control their personal information while using the internet.
Why is online privacy important?
Online privacy helps safeguard individuals from the unauthorized access, misuse and exploitation of their personal information. It gives people control over what of their data is shared online, preventing identity theft and the potential erosion of personal boundaries from companies and other people.
What can you do to protect your online privacy?
To protect your online privacy, you can use strong, unique passwords; read privacy agreements that pop up on websites; limit what you share on social media; request that companies delete your data and opt-out of future data collection; educate yourself on data privacy laws and advocate for stronger legislation.
Is there a right to online privacy?
As of now, there is no single, comprehensive law that fully addresses online privacy in the United States. Instead, consumers’ online privacy rights are governed by a mix of federal regulations and state laws, which each address different aspects of privacy protection.
