About the author Brett Dunst is the vice president of corporate communications at DreamHost.

Every day, a new headline reminds us that keeping our online data private remains a constant struggle. Ongoing controversies involving Facebook and other social media sites only reinforce the point. It’s become depressingly common to hear of security breaches involving organizations who have been given access to our personal data—organizations that we’ve often never even heard of before!

How did we get here? History shows that we’ve come a long way in a short time, and reminds us that we don’t lack for founding principles. History also reminds us that our attitudes toward online privacy and the ways we attempt to control it have evolved. So, where is the next evolution going to take us? We have some ideas.

1) Encryption Will Become the New Normal

Encryption is an admittedly big tent. It encompasses everything from the hashing that safeguards passwords to the algorithms that guarantee the authenticity of digital signatures. Whatever form it takes, however, encryption represents the tech industry’s attempt to address the various issues clustering around data privacy and security.

In the future, expect all web traffic to be encrypted by default. Both Google’s Chrome browser and Mozilla’s Firefox display highly-visible warnings to users connecting to sites that do not employ the HTTPS protocol. With multiple parties—ISPs, advertisers, scammers, spammers, and law enforcement agencies, among others—tracking virtually every action users take online, encryption isn’t just for login pages anymore.

One thing to note: As this encryption initiative will be led by engineers and developers in the employ of tech giants, you may ask whose interests are being served. Is Apple’s hard stance on end-to-end encryption, for instance, a reflection of its desire to protect customers from mass surveillance? Or is this really a case of a trillion-dollar company being more invested in keeping certain parties from knowing too much about how it conducts its business?

Whatever the answer, internet users can only stand to benefit from the default use of encryption, even if they are not privy to the methods being employed on their behalf.

2) Regulation is Coming

This one is already starting. Lawmakers are pressing forward with measures to curtail certain data-collection practices that have made the rich and powerful of Silicon Valley exactly that.

Europe’s General Data Protection Regulation (GDPR), otherwise known to most North Americans as the “new cookie policy pop-up law,” focused on gaining permission to collect personal data from users of the web, and putting control of that data into the hands of the users from whom it’s collected. California’s Consumer Privacy Act, viewed by many as a precedent-setter, goes further, preventing the denial of services to those who opt not to participate in the data collection and monetization economy.

Meanwhile, both Maine and New York are contemplating bills similar to the one passed in California. Lingering concerns related to unauthorized disclosure of user information, particularly location data, have prompted calls for federal legislation.

Even though the Federal Trade Commission (FTC) has leveled a historic fine against Facebook over the social network’s role in the Cambridge Analytica scandal, that agency’s jurisdiction remains limited.

People across the U.S. are starting to wonder about the need for government intervention in regard to online privacy, and elected officials are listening. Regulation is not a matter of if, but when, how much, and the degree to which it will tilt the present balance of power.

3) Users Will Demand More Control Of Their Data

Those conflicted feelings you have about social media? You’re not alone. According to the Pew Research Center, slightly more than half of all Americans don’t have confidence that social media sites are doing what they should to protect their personal information. But Pew also finds that, despite their reservations, Americans still use social media as frequently as ever, with 74 percent of Facebook users making daily visits to the site.

Behind these statistics, however, are changing behaviors that point to a future in which users are more mindful of how their online activity translates into data, and businesses are starting to notice.

In this age of heightened awareness about data collection practices, it’s no wonder that the concept of “Data Minimalism” has been gaining traction in the tech industry. The philosophy is a simple one: collect only data which is necessary to provision products and services—be transparent about it—and return fair market value to those who wish to exchange their data with you. In short, data minimalism puts a premium on cultivating trust, not on aggregating as much information about users as possible for the purpose of creating predictive models.

Should that trust be violated, however, will users have the power to delete or permanently revoke access to their data? In the future, the answer is likely “yes.” That’s because the future of privacy is one in which user ownership of personal data is integrated into the internet’s very infrastructure.

All in all, the future of data privacy looks to be far less reactive and much more proactive. It will be one in which consumers are more educated about the issues and will not wait until the next embarrassing data breach to take steps to safeguard their personal data.

It will also be an era in which cooperation binds actual tech to actionable policies; one where everything from federal regulations to corporate terms and conditions will consider and respect implications to user privacy. For anyone who has had their data exposed or taken advantage of by a bad actor, that future can’t arrive soon enough.

Brett Dunst is the Vice President of Corporate Communications at DreamHost.