5 surprising truths about online privacy protection

Share this article

Online privacy protection is a growing concern. According to a 2019 survey from RSA, 45% of U.S. respondents said their personal information was compromised in a breach sometime in the last five years. It’s not enough to exercise caution about what you post or share online. You also need to familiarize yourself with the various privacy policies and data tracking practices of the websites you visit.

That’s because internet privacy is neither universal nor comprehensive. Not only does every website offer a different degree of privacy protection, but every website also promotes its privacy practices differently. Some websites go to great lengths to protect their users’ privacy and involve them in the process, while other sites consider online privacy less important and don’t disclose their practices to visitors. 

Like all things internet-adjacent, the issue of online privacy is complicated and constantly changing. Here are five surprising truths about online privacy protection you might not know:

  1. Privacy policies aren’t completely mandatory

  2. Not every website is encrypted

  3. Some websites don’t need permission to track your behavior

  4. Websites aren’t required to anonymize information

  5. Most websites rely on opt-out policies

Improved privacy protection starts with awareness. If you want more control over your personal information, consider the websites you visit and how they either protect or limit your privacy. 

1. Privacy policies aren’t completely mandatory

A privacy policy is a statement that explains how a company or website collects its visitors’ personally identifiable information (PII), like email addresses, usernames, phone numbers, and credit card numbers. Most privacy policies disclose the following:

  • Which types of PII are collected

  • How PII is collected

  • Where PII is stored and for how long

  • Who has access to PII

Interestingly, there is no federal law in the United States that requires websites and online businesses to have a privacy policy. However, there are a few other state and federal laws that mandate it. The California Online Privacy Protection Act, for example, requires any website that collects PII from California residents to develop a comprehensive privacy policy and publish it online. 

Other laws, like the Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act, require financial institutions and health care providers respectively to disclose what they do with users’ personal information. 

These laws don’t necessarily impose restrictions on how companies use consumer information, though. Privacy policies may promote transparency and help foster a sense of trust between companies and consumers, but they don’t increase your privacy protection. They simply tell you what level of privacy to expect when using a particular site, whether it’s minimal or comprehensive.  

2. Not every website is encrypted

Every website uses one of two URLs: HTTP or HTTPS. The difference between the two may seem minor, but that one little letter makes a big impact on the amount of privacy you experience when browsing a site. 

HTTP, which stands for hypertext transfer protocol, presents online information in plaintext, while HTTPS encrypts your personal information. Encryption is the process of coding information so only authorized parties can access it. Websites that use HTTPS essentially offer an extra layer of privacy protection to visitors. If, for example, you’re inputting your credit card number on an HTTPS site, the site will encode your credit card details so hackers can’t see them. 

Keep in mind, though, that using sites with HTTPS may reduce your chances of experiencing a breach, but it doesn’t protect you from data tracking. Websites using HTTPS can still gather your personal information, so it’s crucial to consider how comfortable you feel sharing certain details. 

3. Some websites don’t need permission to track your behavior

One of the first things you see when you visit a website is a small banner or pop-up box that says, “This site uses cookies.” Cookies are small text files that save information in your local browser, like your username or favorite site URL, then send that information to a server.

Most websites use a variation of cookies called tracking cookies, or third-party cookies, which gather information about how users interact with a site. Using the information collected by cookies, companies can figure out how often you visit a website, how long you stay on certain web pages, and which advertisements you click on.

The majority of companies that rely on tracking cookies use the information they collect to create digital personas of consumers and send them targeted ads. Thanks to an update to the U.K. Privacy and Electronic Communications Regulations, however, there are now restrictions on how companies can use tracking cookies. “Cookie Law,” a stipulation that aims to protect user privacy, says websites can’t track visitors without their consent. 

Unfortunately, the law only applies to websites that collect information from U.K. residents, which means U.S. companies can still gather your information without your permission. 

4. Websites aren’t required to anonymize information

Different websites rely on different methods of storing and accessing the information they gather from users. Many websites anonymize their information, either by encrypting PII or removing it from their databases. This approach helps improve user privacy protection because it ensures that no piece of information can be tied directly to an individual.

Unfortunately, not every website uses anonymization. Not only does this mean your personal information and online behavior can be linked directly to you, but it also makes you more vulnerable to targeted advertising and data breaches. 

5. Most websites rely on opt-out policies

Most websites today use opt-out policies for information collection and privacy settings. Unlike opt-in policies, which require users to actively consent to sharing information like their email address or preferences, opt-out policies assume users’ compliance. That means that unless you find and un-check a pre-checked box, you’re agreeing to having your information shared. 

Websites that use cookies often rely on passive consent; the pop-ups typically say that by continuing to use the site, you’re agreeing to having your information collected. Web giants like Google and Facebook also use opt-out policies for privacy settings regarding users’ location and login details. 

Not only do opt-out policies reduce your internet privacy, they also limit your autonomy by removing your choices or else forcing you to comply with an existing option. 

How to take privacy protection into your own hands

Without guaranteed privacy protection from websites, browsing the internet is like walking through a minefield. It’s difficult to trust that your information will be protected and that you’ll have a say in the process. 
Quitting the internet isn’t an option, though, so you have to get resourceful. Whether you want to boost your privacy or just exercise more control over your personal information, FigLeaf is here to help. Our all-in-one privacy tool lets you choose the level of visibility you want on each website you visit, so you feel protected in every corner of the internet.

Author: FigLeaf Team