To be clear, it is lawful — and common — for websites to trade most types of information about us without asking. The reason “privacy policy” is a ubiquitous phrase is that since 1998, the Federal Trade Commission has strongly suggested that all websites (and, later, all apps) include a disclosure about what they do with visitor data and what choices visitors have regarding those uses. What lies behind these links is a cavalcade of disclosures of how businesses across the internet track us, target us and trade our information.

Consider Target’s privacy policy, which is perfectly legal and not at all unusual. Target collects data about you across its website and app, in addition to knowing what you buy. It uses the information for its own marketing purposes. It also allows “third-party companies” to collect “certain information when you visit our websites or use our mobile applications.” In other words, it can share the data it collects with just about anyone.

But Target is not just profiling you based on how you shop with Target. It may also collect what you say on any blogs, chat rooms and social networks you use, and it may obtain “demographic and other information” about you from “third parties.”

You have to assume that Target can purchase any known information about you held by any other company. Not even your body is off limits — cameras in some stores “may use biometrics, including facial recognition,” for theft prevention and security.

Our surveys consistently show that Americans dislike being tracked. Why, then, aren’t Americans more angry and opposed to how often and extensively businesses track them?