Over the last few years, the European Union, and US states like California have done a good job of passing consumer privacy laws, the GDPR and CCPA respectively. (https://www.startpage.com/blog/privacy-news/overview-startpage-gdpr-ccpa/) While neither law is perfect, they have been seen by many as steps in the right direction for putting a user’s personal data back in their control.

However, there is a downside to such legislation: It makes many consumers feel as though they can now let their guard down. They clicked “do not sell my data” and go about using sites like Facebook, Google, and others without a second thought.

There are two major problems with this line of thinking that should be addressed for both the casual user who thinks little about their privacy on a daily basis and the privacy advocate who does their best control what data these tech giants have about them.

First, laws are never perfect. The CCPA, for example, is what some have referred to as a “work in progress,” while others have noted it has some major loopholes.

“The law was hastily drafted and has potential loopholes that industry has signaled it will use to get around the law’s protections,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. “We hope the California attorney general will interpret the law as it was intended, whether in its regulations or in its enforcement. If not, the legislature will need to go back and close up inadvertent vagueness in the law’s protections.” (https://www.consumerreports.org/privacy/california-privacy-law-ccpa-california-consumer-privacy-act/)

In fact, the CCPA only applies to companies that make more than $25M in revenue per year. That means a lot of smaller tech companies will be able to ignore this law, selling and profiting off your data on their way to becoming $25M-a-year companies. The truth is, without user intervention, these larger companies can still sell your data anyway.

Yet, it’s the second issue with these laws that is most prudent and should be taken most seriously: laws change. Elections happen regularly, different parties take control, and the government’s views on privacy and consumer rights change with them.

What happens when you drop your guard, give a corporation all of your data, thinking they can’t do anything with it, and then the law protecting your data is overturned?

The reality is, consumers should be using privacy-respecting services already. Services that respect and protect their privacy regardless of laws. Services that do this because it’s the right thing to do.

Long before the GDPR, Startpage was already protecting user’s data. They store no IP addresses, no personal user data, no tracking cookies, nothing about a search is identifiable to the user.

Email providers such as ProtonMail (https://www.protonmail.ch/) and Tutanota (https://tutanota.com/), cloud storage solutions like Nextcloud (https://nextcloud.com/), and messaging apps such as Signal(https://signal.org/), and Riot (https://riot.im/) do the same. As laws change, these services and many more like them provide consumer data protection and will continue to do so.

Data protection laws are great because they help protect users who don’t know much about data collection practices, but these laws shouldn’t be the be-all-end-all of keeping data safe and in your control. They should merely compliment the work being done by companies that already understand and respect their users.

If we can learn anything from the GDPR and CCPA, it’s what kind of data was being collected on us in the first place. For millions around the world this will be a shock and maybe the shock they need to realize that it’s time they take control.

For those of us who already advocate for consumer and data privacy, it’s time for us to help point these millions in the right direction and welcome them with open arms to a world in which they, and they alone, control what the internet knows about them.

—

Dan Arel privacy and digital rights activist, curator of ThinkPrivacy.ch, as well as an award-winning journalist, and best-selling author. His work as appeared in the Huff Post, OpenSource, Hacker Noon, Time Magazine, and more. You can follow him on Twitter @danarel.

The views expressed in this article are those of the author and do not necessarily reflect those of Startpage.