Look around any crowded place nowadays and it’s quite clear that many of us have literally become prisoners of our own devices: smartphones, tablets, laptops — anything and everything with an Internet connection. Our lifestyles practically require us to always be on, and connected to everyone else.

That means at any point in the day, and at any point in the world, individuals freely exchange massive amounts of personal information among each other: names, email addresses, phone numbers, photos, bank account and credit card numbers, Social Security numbers, insurance details and so on.

Looking at that list, it’s clear why some are calling data the oil of the digital world — data has effectively become its own currency, something we trade to either share updates about our lives or make a purchase.

Yet, valuable as this information is, and much like physical currency, when it’s exchanged, governments now want to play a central role in monitoring, storing and processing it. That may not have been part of the deal at the outset of the Internet, but 15 years into the 21st century, it’s clear that more and more citizens are not only exchanging privacy for vague promises of security, but are doing so willingly.

That kind of oversight comes at a cost, though, as the feeling of always being watched forces a gradual change in behavior. We act differently if we’re always being watched, always typing or sharing under the assumption that someone within our government is peering in from over our shoulder — and this forced change in behavior amounts to a gradual disintegration of our online freedoms.

But it doesn’t have to be that way.

Data Protection In A Post-Safe Harbor World

The European Court of Justice’s (ECJ) ruling to invalidate the Safe Harbor agreement was a huge step forward for privacy advocates, both in the U.S. and the E.U. For too long, American intelligence agencies like the NSA had been able to co-opt the data transfer deal to spy on the personal information of European citizens.

But with the ECJ’s overturning of that agreement — and with it, the NSA’s means of breathing down the necks of E.U. end users — American companies will now have to find alternatives for facilitating intercontinental data transfers, alternatives that put data privacy and security front and center.

Data has effectively become its own currency.

We’re already starting to see those alternatives bear fruit. Microsoft, whom the U.S. government has hounded to relinquish the emails of a Hotmail user stored on a Microsoft server in Ireland, recently announced that it was building a pair of new data centers in Germany, which will be managed and operated by an independent German “data trustee.”

That third-party group will be the one responsible for storing and processing E.U. customer data, ensuring that it never leaves Germany — and that, even if prompted by the U.S. government, Microsoft would be unable to access that user data unless permitted by the trustee.

While it’s a meager step forward, and a much bigger paradigm shift is likely waiting for us come January, Microsoft’s move is a significant signal to both the U.S. government and the E.U. public that European data privacy is not something to be infringed on so easily just to make spies’ lives easier.

CalECPA And States Taking The Lead On Privacy Public Policy

The adoption of the California Electronic Communications Privacy Act (CalECPA) in the U.S. also strikes a blow for privacy advocates and against government overreach. The ACLU of Northern California, along with state Sen. Mark Leno and top tech companies, worked to pass the law, which requires law enforcement agencies to acquire a warrant before they can search through a person’s email, texts or other online documents, regardless of it being stored on a device or in the cloud.

This kind of legislation is not only sorely needed, but long overdue. The federal government passed the Electronic Communications Privacy Act way back in 1986 — and given how far the Internet and online communication have come in the last 30 years, that law may as well have been passed a century ago.

That kind of outdated legislation opens a lot of potential vulnerabilities and pain points for tech companies in charge of safeguarding customer data and simultaneously fielding data acquisition requests from law enforcement agencies.

More and more citizens are not only exchanging privacy for vague promises of security, but are doing so willingly.

Authorities have long capitalized on these digital gaps in Fourth Amendment protections to ramp up data requests: Google has seen consumer data demands from law enforcement skyrocket by 180 percent over the past five years, and AT&T received more than 260,000 similar requests in 2014 alone.

But CalECPA brings a much-needed game changer to the table, now requiring law enforcement within the state to secure a judicial warrant before they can begin rifling through a California resident’s online life.

It’s the same expectation we have of police before they can begin looking through homes and physical papers — and the same expectation that 75 percent of Americans have who believe that email, texts and location data qualify as sensitive information — so why shouldn’t that be the standard for online, as well?

The California state law, similar legislation of which exists in other states, such as Colorado, Maine, Texas and Utah, brings to life Supreme Court Justice Louis Brandeis’ words of how a “state may, if its citizens choose, serve as a laboratory” for wider public policy. It’s especially significant that we’re seeing this lab experiment take place in California, America’s premier tech hub and home to companies supporting the law, like Apple, Google, Facebook, Dropbox and Twitter.

The overturning of Safe Harbor in the E.U. and the adoption of CalECPA in California both show that it is possible to “check out anytime,” and reassert our rights to online privacy and a democratized Internet, free of the watchful eye of Big Brother.