We are beginning to see the extent to which our online personal information can be compromised and used in ways we never intended and never authorized.

There is no way of telling just how vulnerable and insecure our data is, or how and where it is being used. But it is high time we start worrying and high time we demand protection.

When social media magnate Mark Zuckerberg, one of the world’s most powerful people, admits he’s been remiss at safeguarding our information on Facebook and vows to do better, we are justified in feeling that there is a very serious problem in the way our information is being used.

When revelations emerged that data analytics firm Cambridge Analytica had allegedly harvested information on Facebook and then used it to sway voters and achieve political ends, we are justifiably suspect that there is a very serious breach of trust taking place in the shadows of the web.

Cambridge Analytica stands accused of mining the personal information of 50 million Facebook users without authorization and using it to influence voters in the last U.S. presidential election.

Company CEO Alexander Nix has been suspended after damning hidden camera interviews appear to reveal how data stored online can be used for nefarious purposes.

Personal data used and abused

In the wrong hands, our personal data can also be used to damage our reputations, discriminate against us and manipulate and exploit us.

As the privacy commissioner of Canada considers policy reform to enhance the protection of our personal information, it is vital for us all to reflect on how that information could potentially be bought, sold, hacked or stolen, and used and abused in ways we never imagined.

When huge amounts of personal data meet powerful analytical technology, there is a staggering array of opportunities for the misuse of that data. We should be afraid.

Our information can be used in ways that are detrimental to our reputation, potentially limiting to our careers and professional opportunities, and threatening to our livelihoods.

We should all be worried about being tracked online and having extensive amounts of information collected and/or stored about us — about our lifestyle choices, our pasts, our interests, our religious or political beliefs and about our friends and their various likes, dislikes, beliefs and tastes.

Our social media likes say a lot about our values, tastes and disposition. They are used to craft profiles about who we are and how we act, and, in turn, make us the target of marketing and manipulation aimed at influencing our actions and changing our minds.

All of this represents a fundamental loss of our personal privacy and integrity.

As these disturbing possibilities sink in, the need for greater protection against the unscrupulous becomes apparent.

Know your rights

Canadians should familiarize themselves with the protections they do have and insist that more safeguards be put in place. Unlike individuals in the European Union, we do not have the so-called “right to be forgotten” — the right, basically, to silence details related to past events, and having information, videos or photographs expunged from internet records so that they cannot be accessed through a search engine.

But Canadian law does allow us to withdraw consent for the use of our information, which obligates businesses to destroy our personal data. Under our Personal Information Protection and Electronic Documents Act (PIPEDA), businesses must delete outdated and inaccurate data.

But there are limitations to the law. The right to withdraw consent, for instance, applies only to businesses that collect personal information during commercial activities.

Canadians — and consumers around the world — have the power to hold industries accountable for misuse or unauthorized use of our data.

After the revelations about Facebook and Cambridge Analytica, Elon Musk, CEO of Tesla and SpaceX, was challenged by Twitter users to delete the Facebook pages of his companies, which had more than five million followers combined. Musk promptly did just that. The gesture was a blow to Facebook’s reputation and likely to its bottom line.

Make companies afraid

Companies should be afraid of losing users’ trust. We, the citizens of the digital world, should reconsider our relationship with these companies and demand better from them. We have the power.

A new regulatory framework to protect Canadian citizens is needed to guard our personal information, not only related to what businesses have collected and not only within our national borders but abroad as well.

Like the EU’s General Data Protection Regulation, Canadians should be given the right to erasure or the right to be forgotten.

Read more: What Europe can teach Canada about protecting democracy

It’s true that the right to be forgotten will compromise the right to freedom of speech and the right to know. But if it’s properly implemented, it can give individuals greater control over their personal data. That includes the right to erase data that is outdated or no longer valid, and the right to refuse the processing of our data.

I was thrilled to hear that the Privacy Commissioner Daniel Therrien recognizes the need for an enhanced mechanism to protect Canadians online. While PIPEDA has enabled Canada to comply with the EU’s older data protection regulatory regimes, it may no longer provide the necessary level of protection.

Yes, there is an urgent need for new policies, guidelines and tools to ensure adequate standards. And perhaps it is time for our policy-makers to enable a high level of protection for the personal data of Canadians everywhere in the world.

The corrective measures and tools that are being built to protect EU citizens should be mirrored in the laws of our country.