Here’s a news cycle to get used to: a story breaks about a big technology company doing something that sounds like an invasion of privacy; then there’s outrage, and either an apology or a denial. Sometimes a class-action suit follows. Then everything gets forgotten until another week or two passes, and the cycle renews. Privacy snafus are to social networks as violence is to football. The whole point of social networks is to share stuff about people that’s interesting, just as the whole point of football is to upend the guy with the ball. Every so often, someone gets paralyzed, which prompts us to add padding to the helmets or set new rules about tackling. Then we move on.

In mid-February, the social network Path was called out for pulling entire address books off users’ iPhones without permission. When Google announced changes to their privacy policies, thirty-six Attorneys General sent a letter to the company, laying out their grave concerns. A company called DataSift is working with Twitter to sell marketers access to the past two years of your tweets. Last week, Alexis Madrigal published a piece in The Atlantic in which he documented how a hundred and five companies had tracked his movements online during a typical day and a half of surfing.

The cycle repeats, and the privacy invasions continue, because data is the new currency of the Internet. The more data that a company has about you, the more useful it can make itself—both to you and to advertisers—and the more money it can earn. A search engine needs data to search. A social network needs data to help you network. Right now, advertising funds the Internet; and the more that advertisers can target you, the more they will pay. Booz Allen Hamilton recently reported that government restrictions on the use of private data would dramatically decrease both the amount of venture capital going into Silicon Valley and the amount of innovation coming out of it.

Data is also becoming ubiquitous just as privacy becomes elusive. Ten years ago, two people could walk through a park, talking: a public act in a public space that was easy to keep private. Now, it’s very easy for someone to film or photograph them and post it on Facebook. “It used to be expensive to make things public and cheap to make them private,” Clay Shirky, an Internet scholar and a professor at N.Y.U., says. “Now it’s expensive to make things private and cheap to make them public.” (Watch a video of from The Big Story of Shirky discussing this issue with privacy expert Lori Andrews, scholar Tim Wu, and Pablo Chavez, from Google.)

The amount that the Internet knows about us can be unsettling. In the modern panopticon, past mistakes don’t disappear from search engines, and now we all have to live like celebrities, worried that someone is filming when we pick our noses in traffic. More seriously, we can be robbed or defrauded. The alarm code to your house might be in a friend’s address book—which may have been sitting on a server that was controlled, at least for a moment, by Path.

So, what should we do? Congress has been debating privacy forever and doing nothing, which isn’t a terrible thing. Self-policing, as opposed to legislative policing, is generally a good idea for the Internet: laws tend to pass slowly, technology moves quickly. The system we have right now is one based on evolving social norms, corporate shaming, and the occasional intervention of the F.T.C. Last week, a coalition of companies announced that they will soon voluntarily include “do not track” buttons in Web browsers.

The smartest solution, or at least framework, that I’ve read comes from Benjamin Wittes, a senior fellow at the Brookings Institution. According to an essay that he published last year, titled “Databuse,” we should let certain things that we now consider privacy abuses slide. It doesn’t matter, in and of itself, that we have oceans of personal information floating around in government databases, or that advertisers know ever more about our lives. It’s disconcerting, but not harmful. Companies should tell the truth about what they’re doing, and consumers should have control over the data that’s collected. But don’t fret that marketers have collected keywords on everything you’ve tweeted about, or that the running-shoe ad on Facebook appears to know the size of your feet.

What we really need to fear are things like outright fraud. We have to be very careful about the way sensitive information—like what’s found in an address book—is stored and transferred. We need to be certain that insurance companies can’t raise our rates after they learn we’ve searched for “irregular heartbeat” online. The letter to Google from the Attorneys General begins by describing user discomfort with the company’s changes—that’s relatively unimportant. The much more important claim comes on page two, where the Attorneys General assert that Google’s new privacy policies, by sharing your data across the company’s many services, may make identity theft easier to perpetrate.

In response to all these developments, President Obama released a Consumer Privacy Bill of Rights, which consists primarily of broad and worthy calls for companies to be clear about the data they collect. It calls for “Individual Control,” “Transparency,” and “Respect for Context,” for example. Here’s an addition from Wittes that seems even more important: “A right to not have your data rise up and attack you.”

Illustration by Matthew Hollister.