What Is Data Privacy? Your Rights in the Age of Surveillance Capitalism

What Is Data Privacy?

Data privacy (also called information privacy) refers to the right of individuals to control how their personal information is collected, stored, used, and shared. It encompasses the principles, laws, and practices that govern what organizations can do with data about you — and what rights you have to access, correct, or delete that data.

In an era where your phone tracks your location, your browsing history is sold to advertisers, and facial recognition operates in public spaces, data privacy has become one of the defining civil rights issues of the digital age.

What Is Personal Data?

Personal data is any information that can identify an individual, directly or indirectly:

• Direct identifiers: name, email address, phone number, Social Security number, passport number
• Online identifiers: IP address, device ID, cookie identifier, advertising ID
• Location data: GPS coordinates, cell tower data, check-ins
• Behavioral data: browsing history, purchase history, app usage patterns
• Sensitive categories: health data, biometrics, genetic data, financial records, sexual orientation, political views, religious beliefs

Surveillance Capitalism: How Your Data Is Used

Shoshana Zuboff coined the term "surveillance capitalism" to describe the economic system in which user behavior data is the core product — not just a byproduct — of technology companies. The model:

1. Free services (search, social media, email, maps) collect massive amounts of behavioral data about users
2. This data is processed into predictive models about user behavior, preferences, and vulnerabilities
3. These predictions are sold to advertisers seeking to influence behavior — purchases, clicks, votes

The insight that made targeted advertising so valuable: companies like Google and Facebook don't just show ads, they can predict and shape behavior with startling accuracy based on accumulated data profiles.

Major Data Privacy Laws

GDPR (General Data Protection Regulation)

The EU's GDPR, effective May 2018, is the world's most comprehensive data protection law. Key rights it grants EU residents:

• Right to access: Know what data a company holds about you
• Right to rectification: Correct inaccurate data
• Right to erasure ("right to be forgotten"): Request deletion of your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Opt out of processing for direct marketing or profiling

GDPR requires lawful basis for processing personal data (consent, legitimate interest, contract, legal obligation). Fines can reach 4% of global annual revenue or €20 million, whichever is higher — and have been applied. Meta received a €1.2 billion fine in 2023.

CCPA / CPRA (California)

The California Consumer Privacy Act (CCPA, 2020) and its strengthened successor the California Privacy Rights Act (CPRA, 2023) give California residents rights to know what personal information businesses collect, opt out of the sale of their data, delete their data, and correct inaccurate data. As the world's fifth-largest economy, California's laws effectively set a de facto national standard for many U.S. companies.

Other Laws

Brazil's LGPD, Canada's PIPEDA (and proposed Bill C-27), China's PIPL, and state laws in Virginia, Colorado, and Connecticut add to a growing global patchwork of privacy regulations.

Data Brokers: The Industry You Didn't Know Existed

Data brokers are companies that collect personal data from hundreds of sources — public records, social media, loyalty programs, web tracking, surveys — compile detailed profiles on hundreds of millions of people, and sell these profiles to marketers, employers, insurers, landlords, law enforcement, and anyone willing to pay.

Major data brokers (Acxiom, LexisNexis, Equifax, TransUnion) hold profiles containing income estimates, purchase history, health conditions, political affiliation, relationship status, and more. Under CCPA, California residents can request deletion of their data from many brokers. Services like DeleteMe automate opt-out requests across major data brokers.

Practical Steps to Protect Your Privacy

• Use a privacy-focused browser: Firefox, Brave, or Safari with tracking prevention
• Block trackers: uBlock Origin browser extension blocks ads and most trackers
• Use encrypted communication: Signal for messages, ProtonMail for email
• Use a VPN: Encrypts internet traffic from your ISP and obscures your IP address from websites
• Minimize location sharing: Review app location permissions; use "only while using" not "always"
• Opt out of data brokers: Many allow opt-outs; services automate this process
• Review privacy settings: Regularly audit what Google, Apple, and Meta know about you via their data portals