The threat to online privacy is massive and comes from various directions. Whether its careless users or IT administrators, data based business models or data theft, online privacy is nowhere near as guaranteed as it should be.

First, what defines online privacy? Following the right to privacy enshrined in many constitutions the following definition of online privacy could be given: online privacy is the individual right to decide what data, that I presently own, is shared with whom under which conditions and for how long. Consequently, the “right to forget”, i.e. the right to have previously granted access repealed is included in this definition.

Second, seeing as the current state of online privacy is dire, what changes could lead to a better protection of online privacy? Three changes are proposed in this post: increased user awareness, increased company awareness, and increased accountability

Users of internet services, be it individuals or legal entities, need to be more aware of issues of online privacy. First, they need to understand how their data, if required to use a service, e.g. Facebook, is being used. While responsibility certainly does not only rest with the user of a service they usually agree to terms of services and it is important that users understand those terms and not simply hit the “accept” button. Second, the wisdom of “less is more” might also be true for the digital age. When granting access to data subject to online privacy, users should ask themselves: is this data not better kept to myself? Do I really need to put it online? Third, increased user awareness includes a better understanding of safety mechanisms that can increase online privacy, such as encryption. Many tools are already out there but too few people use them. Finally, increased user awareness also means “punishing” services that have failed to ensure online privacy by not using them anymore.

Company awareness would also have to increase. Company, for the purpose of this post, includes all entities offering services that require users to hand over data subject to online privacy to the company. Being aware of the threat to online privacy means two things to companies: they need to invest in cybersecurity and they might need to rethink their business model.

Simple steps can be taken by companies to increase the security of data handed over to them by their customers, e.g. better training of personnel or investing in a more secure IT environment. Companies that base their existence on the access to data, and hence on the trust of their users to handle that data with care, have a special interest in doing everything they can to uphold online privacy. Those companies might also have to rethink their business model in face of increased user awareness. Clear communication of what happens to the data will become more important and the use of technologies previously judged attractive might become viewed as riskier as companies include aspects of online privacy into their decision-making.

Following these two changes, a third change would have to occur: increased accountability. On the one hand, individual or legal entities that have seen their online privacy violated need effective means to take legal action. However, this does not always mean simply punishing the company that provided the service the individual used. States, or given the decentralized and global nature of the internet even better, international organizations should decide on standards or guidelines for companies’ responsibilities regarding online privacy, making clear when users are eligible for legal action against a company and when not. Furthermore, the accountability of perpetrators behind online privacy breaches, be it hackers or intelligence agencies, needs to be increased as they too often get away. To this end, better technology and increased transnational cooperation of law enforcement agencies coupled with domestic political reforms could make the trick.

In the end, a consensus has to emerge that views online privacy not as something outdated but rather as a crucial component of a sustainable internet with all the economic and social benefits it provides. Such a consensus, in line with the three proposed changes, would ideally achieve a balance between online privacy and innovation and growth provided by companies and their services.

Nicolas Zahn, age 24, is enrolled in the Master of International Affairs program at the Graduate Institute of International and Development Studies in Geneva. He spent this fall semester on exchange at the Elliott School at the George Washington University where he worked at the Cyber Security Research and Policy Institute.