How Companies and Governments Do (and Don’t) Protect Your Data

The spread of the internet has far outpaced domestic and international privacy laws, making global coordination difficult and leaving personal data vulnerable.

Last Updated
A padlock stands on a displayed European Union flag. A sweeping measure that went into effect in 2018, the General Data Protection Regulation (GDPR), applies to all companies who process the data of EU individuals, whether or not they are based in Europe.

Do you know where your personal data is?

It’s virtually impossible that you do.

Modern data storage is a nebulous business: a constellation of international data centers and servers house your passwords, emails, banking information, employment histories, and embarrassing middle-school profile pictures. But despite the global nature of storing and securing data, there’s little global coordination.

This is problematic, because different countries have different rules about who can access that data, be it network providers, governments, or law enforcement.

What’s more, laws have not kept pace with the technological revolution brought on by the internet. A patchwork of privacy laws, many enacted when data was stored in filing cabinets, not on the Cloud, clumsily continue to govern. The collection, storage, and handling of personal data are largely opaque processes, but that is starting to change.

New measures for new problems

People knowingly provide their information to companies like Google and Amazon because their services undoubtedly make life more convenient. Privacy, to some extent, is a trade-off for that convenience.

But repeated massive data breaches and major revelations regarding misuse of user data have brought some critical questions to the forefront:

  • What rights do users have to control their personal data?
  • What responsibilities do companies have to protect that data?

The General Data Protection Regulation (GDPR), a sweeping measure that went into effect in 2018, tries to address these concerns. Its reach is broad: it applies to all companies that process the data of EU individuals, whether or not they are based in Europe.

Although the GDPR may be changing the status quo in Europe, for now, still no international consensus exists on data privacy. Its absence has led to the messy application of privacy laws and to major legal conflicts.

For now, when it comes to digital privacy, where you log in to the internet can be as consequential as what you do online.