The feeling can be unnerving: you log onto the internet a day after booking a trip to Paris and ads for Parisian hotels pop up on your screen. You feel like someone is gathering your personal information without your knowledge. Well, they both are and are not, so let’s take a closer look at what is occurring.

In the past, businesses knew nothing about potential customers, and little other than bare contact information, like a mailing address, about current clients.

The rise of Big Data, analytics, AI and machine learning made it possible for corporations to collect oodles of client information. In fact, the global volume of data will grow from 33 zettabytes (1 zettabyte is equal to 1 trillion gigabytes) in 2018 to 175 zettabytes in 2025, according to International Data Corp.

One effect is that corporations can now fairly accurately deduce a seemingly anonymous online visitor’s gender, ethnicity, native language, age, interests, and even political ideology.

The pros and cons of a decreasing online privacy

Benefits

Vendors deliver more personalized experiences

This usually means more targeted ads to potential customers. If the consumer is interested in the NBA, they will see relevant ads for team jerseys and basket balls rather than ice skates.

Downsides

Not knowing how information is collected

Consumers are uncomfortable with the amount of information gathered about them from their online interactions because they have no idea how it is collected. They feel like Big Brother is watching, listening, and recording without their permission.

Connection to personal data

When individuals browse the web, tools monitor their travels and build a user profile. Theoretically, the profile is not connected to any personal data. Consequently, vendors know where each computer with its unique IP address travels, but they don’t know that the person using the computer is Joe Smith, who lives on 12 Main Street in Los Angeles. If a father logs into his daughter’s computer, advertisements for makeup or toys greet him.

The impact of online privacy laws

In theory, a supplier should not link personal information freely given – say a mailing address for a shipment – to supposedly anonymous information, like what people click on while browsing a website. A firewall or barrier should exist, so that the information is not connected.  A few laws exist to protect consumer privacy.

CAN-SPAM Act: in 2003, the U.S. federal government passed the CAN-SPAM Act. It became mandatory that consumers be able to opt in or out of email lists.

General Data Protection Regulation (GDPR) is a European law designed to provide individuals with a better understanding and more control over how their personal data is used for marketing. Vendors must outline how they collect and use such data, and provide users with a way to opt out of any commercial usage of their information.

Does it work in practice?

In practice, laws often fall short of their intentions. In fact, how closely suppliers follow the law is debatable. Sometimes, they try to skirt them in a cat-and-mouse game that has played out for more than a decade.

For instance, consumers find that opting in is much easier, with just one click. But opting out is harder, often requiring removing yourself from several lists, many of which you did not directly ask for.

In August 2018, Google ran into problems with its tracking functions. Users told the vendor to turn the feature off, but it only stopped displaying location markers in one app, Google Maps. Whenever they accessed any other Google service, the system still collected their location information.

Money drives online privacy problems

These problems underscore the reality that a vendor’s main responsibility is to its shareholders, not its customers. Companies sometimes skirt the spirit of the law, if the potential financial reward is great enough.

So what’s the moral of the story?

New technology is emerging and it tracks users closer than ever before. While regulatory checks are in place to protect an individual’s privacy, vendors often try to bypass the laws. Consequently, the responsibility falls on the consumer to understand what is occurring and take sometimes difficult steps to safeguard their personal information.