Photo illustration by Delcan & Company; Photographs by Erik Tanner for the New York Times, Jim Watson/Agence France-Presse, via Getty Images, and Kimberly White, via Reuters

On June 9, 1999, Google made a pledge to its small but growing number of customers in a blunt 600-word statement. “Google is sensitive to the privacy concerns of its users. The internet allows individuals to explore and communicate with unprecedented ease, but it also allows websites to collect and distribute personal information with equal ease. We at Google know that many users are, understandably, concerned about such practices.”

The statement, which today reads like a quaint artifact of a simpler time, would become the company’s first privacy policy — a gently lawyered explanation of how the company collects and distributes its users’ data and information. Google’s was far from the first privacy statement from a big technology business, but it’s one of the first examples of the form from a company that helped lay the foundation for the modern, information-guzzling internet.

[As technology advances, will it continue to blur the lines between public and private? Sign up for Charlie Warzel’s limited-run newsletter to explore what's at stake and what you can do about it.]

And it wasn’t only Google that was “sensitive to the privacy concerns of its users.” All of today’s tech giants have made similar commitments.

In 2002, the Microsoft founder Bill Gates declared, “Users should be in control of how their data is used.”

Three years later, Facebook, through its founder, Mark Zuckerberg, echoed the statement in a note to its campus user base, “We give you control of your information.”

Similar statements from countless technology companies have followed in the years since. Over that time, they have said they would like to protect your privacy ...

“Privacy is not the same thing as anonymity. It’s very important that Google and everyone else respect people’s privacy. People have a right to privacy; it’s natural; it’s normal. It’s the right way to do things.”

— Eric Schmidt, former Google chief executive

“We can, and we must provide both in equal measure. We believe that people have a fundamental right to privacy. The American people demand it, the Constitution demands it, morality demands it.”

— Tim Cook, Apple chief executive

“We will continue to hold ourselves publicly accountable to make sure we fulfill the fundamental right of privacy.”

— Jack Dorsey, Twitter chief executive

“All of us will have to think about the digital experiences we create to really treat privacy as a human right.”

— Satya Nadella, Microsoft chief executive



… even as many companies began to collect and display information invasively.

Google Street View violates privacy Street View photos revealed users’ faces and locations without their permission. Facebook Beacon tracks purchases The recently introduced Beacon advertising program tracked your purchases on external sites by default and sent the information back to your profile. After an outcry, Facebook announced sweeping changes to the program.

Technology companies have also tried to explain all the ways they protect your privacy ...

“Google respects and protects the privacy of the individuals that use Google’s search engine services (“Google Search Services”). Individually identifiable information about you is not willfully disclosed to any third party without first receiving your permission.”

— Google privacy policy

“We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.”

— Google Privacy policy

“What you may not know is that we also spend a lot of time thinking about the security that goes into those products, and more specifically the ways we can protect you and your private information.”

— Google blog post

“We push back a lot; we are able to turn down a lot of these requests. We do everything possible to protect the data.”

— Sergey Brin, Google co-founder

“As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.”

— Google Privacy Policy

“I don’t think we can have a democracy if we have to protect you and our users from the government for stuff that we never had a conversation about. … We need to know what the parameters of it is, what the surveillance is going to do, and how and why.”

— Larry Page, Google co-founder

“Protecting the privacy and security of our users has long been an essential part of our mission.”

— Sundar Pichai, Google chief executive

“You try to protect the data. ... I don’t think that’s ever going to be resolved, per se. It’s a continuous cat-and-mouse game.”

— Jeff Bezos, Amazon chief executive

“Protecting your data is our highest priority.”

— Microsoft privacy policy

“One of our biggest responsibilities is to protect data. If you think about what our services are, at their most basic level, you put some content into a service, whether it’s a photo or a video or a text message — whether it’s Facebook or WhatsApp or Instagram — and you’re trusting that that content is going to be shared with the people you want to share it with. Whenever there’s an issue where someone’s data gets passed to someone who the rules of the system shouldn’t have allowed it to, that’s rightfully a big issue and deserves to be a big uproar.”

— Mark Zuckerberg, Facebook chief executive

“We need to use our collective prowess and power to protect these most vulnerable of populations, and it requires not just our industry but also nation states to be part of that.”

— Satya Nadella, Microsoft chief executive

“I, and everyone at Facebook, accept the deep responsibility we have to protect the people who use our services. We know we need to get better at anticipating all of the risks that come with connecting so many people.”

— Sheryl Sandberg, Facebook chief operating officer

“When you use Microsoft business cloud services, you are entrusting us with your most valuable asset — your data. You trust its privacy will be protected and that it will only be used in a way that’s consistent with your expectations.”

— Microsoft privacy site

“Our commitment to protecting your data and your privacy is a fundamental part of everything we do.”

— Google update on European Union privacy law policy



… but the rhetoric was different from reality, where a number of companies experienced hacks and data breaches.

PlayStation Network hacked The personal information of 77 million PlayStation Network users is compromised. Yahoo hacked The breach “affected all three billion of Yahoo’s user accounts” and “disclosed names, birth dates, phone numbers, and user passwords.” Another Yahoo data breach A separate breach affects 500 million accounts. Cyberattack on eBay The attack compromises the data of 145 million users, including addresses and encrypted passwords. Marriott hotels hacked Hackers gain access to the personal information of 500 million Marriott customers, including the credit card numbers and the cards’ expiration dates of more than 100 million individuals. Adult Friend Finder breached The breach exposes 20 years of personal sex and dating information from nearly 412 million accounts. Equifax credit bureau breached Information (Social Security numbers, driver’s license numbers) of more than 143 million consumers is exposed. Uber hacked Data from over 57 million Uber users and drivers, including driver’s license numbers, email addresses and phone numbers, is exposed.

Since the early 2000s, companies have argued that despite all the data they collect, you still own it ...

“When we face a choice between adding features and resolving security issues, we need to choose security. … Users should be in control of how their data is used. … It should be easy for users to specify appropriate use of their information, including controlling the use of email they send.”

— Bill Gates, Microsoft co-founder

“There are pretty intensive privacy options. You can limit who can see your information, if you only want current students to see your information, or people in your year, in your house, in your classes. You can limit a search so that only a friend or a friend of a friend can look you up. People have very good control over who can see their information.”

— Mark Zuckerberg, Facebook chief executive

“We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. Our default privacy settings limit the information displayed in your profile to your school, your specified local area, and other reasonable community limitations that we tell you about.”

— Facebook privacy policy

“Facebook has succeeded so far in part because it gives people control over what and how they share information. … People need to be able to explicitly choose what they share.”

— Facebook blog post

“Our philosophy is that people own their information and control who they share it with. ... In reality, we wouldn’t share your information in a way you wouldn’t want.”

— Mark Zuckerberg, Facebook chief executive

“We believe the customer should be in control of their own information. You might like these so-called free services, but we don’t think they’re worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose. And we think someday, customers will see this for what it is.”

— Tim Cook, Apple chief executive

“For me the onus is on us to give enough value that people trust us. All the machine learning and A.I. we do will help us do privacy better, too. A lot of times it’s hard to do privacy because we rely on manual heuristics. We want to do even better you should be able to tell google maybe the last four hours you know, just take it off. We did that when we built Chrome you could switch to incognito mode when you want to. We are doing the same with messaging. We give users choice and over time we can get smarter giving users sophisticated privacy controls. … We can be smarter about it over time.”

— Sundar Pichai, Google chief executive

“No, Senator. Actually, at — the first line of our terms of service says that you control and own the information and content that you put on Facebook…”

— Mark Zuckerberg, Facebook chief executive

“The second is around giving people complete control. This is the most important principle for Facebook: Every piece of content that you share on Facebook, you own and you have complete control over who sees it and — and how you share it, and you can remove it at any time.”

— Mark Zuckerberg, Facebook chief executive

“We also believe that people should control their advertising experience.”

— Sheryl Sandberg, Facebook chief operating officer

“Protecting the privacy and security of our users has long been an essential part of our mission. We have invested an enormous amount of work over the years to bring choice, transparency and control to our users.”

— Sundar Pichai, Google chief executive

control over the collection, use and distribution of your “Our time-tested approach to privacy is grounded in our commitment to give youof your customer data . We are transparent about the specific policies, operational practices, and technologies that help ensure the privacy of your data in Microsoft business cloud services.”

— Microsoft privacy policy

“When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.”

— Google privacy policy



… and yet default designs and settings and lax security have long left information vulnerable.

Apple mishandles location data Apple’s chief executive, Steve Jobs, apologizes for keeping iPhone data unencrypted and, in some cases, stored even when users had chosen to turn off location services. Facebook ‘deceived consumers’ Facebook settles with the Federal Trade Commission over charges that it told consumers they could keep their information on Facebook private, “and then repeatedly allowing it to be shared and made public.” Facebook security breach The accounts of 50 million users is exposed. Attackers “exploited a feature in Facebook’s code to gain access to user accounts.” Facebook may have exposed photos A bug may have exposed the private photos of up to 6.8 million users. Facebook gives access to Bing The New York Times reports that “Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent,” and “gave Netflix and Spotify the ability to read Facebook users’ private messages.”

Finally, since the advent of concerns about Google and Facebook’s use of personal data for advertising, companies have pointed out that they don’t sell your data …

“We do not rent or sell your personally identifying information to other companies or individuals unless we have your consent.”

— Google privacy policy

“We don’t sell your information, and we have no plans to ever.”

— Mark Zuckerberg, Facebook chief executive

“That’s the bare minimum of how you need to think about ads; that’s the way you can use the service without paying for it. We don’t sell your information, people trust us, so that’s important for us.”

— Mark Zuckerberg, Facebook chief executive

“We don’t sell your personal data. … We don’t transfer your personal data to third parties.”

— Marissa Mayer, Yahoo chief executive

“Information about our customers is an important part of our business, and we are not in the business of selling it to others.”

— Amazon privacy policy

“We don't sell your information. When an advertiser runs a campaign on Facebook, we share reports about the performance of their ad campaign. We could, for example, tell an advertiser that more men than women responded to their ad, and that most people clicked on the ad from their phone.”

— Mark Zuckerberg, Facebook chief executive

“Information about our customers is an important part of our business and we are not in the business of selling our customers’ personal information to others.”

— Amazon Web Services privacy policy



… and nonetheless many of the companies' business models are predicated on a targeted advertising model that relies on the continued collection of increasingly personal information.

Facebook apps send data to advertisers The Wall Street Journal reports that popular Facebook apps like FarmVille were “transmitting identifying information” to third-party advertisers and tracking companies. Cambridge Analytica Facebook data policies allowed a number of connected apps, including one which was used by the political consulting company Cambridge Analytica, to harvest information from millions of unsuspecting users. Smartphone locations recorded The New York Times reports dozens of companies use smartphone locations to help advertisers and hedge funds. While the data is anonymous, reporters were able to identify at least one individual using a sample of location data gathered in 2017. Phone carriers sold location data Motherboard reports major phone carriers were selling access to their customers’ location data, letting third parties track most phones in the country.

It’s been almost 20 years since Google’s first privacy statement. The internet today is a significantly different place, one that’s largely powered by the transmission and transfer of our personal information. Data breaches — some of vertiginous scale — are common, as is the creeping sense that, in order to log on, we’re forced to submit to being tracked and targeted.

But if the modern internet has changed greatly, the statements from the multinational corporations that transformed it have remained strikingly similar. The tech companies and their leaders have been saying we should be in charge of our information for 20 years. So why — now, more than ever — does it feel that we aren’t?

Charlie Warzel, a New York Times Opinion writer at large, covers technology, media, politics and online extremism. He welcomes your tips and feedback: charlie.warzel@nytimes.com and @cwarzel. Stuart A. Thompson is the graphics director for The New York Times Opinion

The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email:letters@nytimes.com.