The Complete Data Privacy Timeline

Explore the world of online data privacy with this rich timeline. Revisit pivotal moments in our shared online history and discover actions that you can take today to increase your online safety.See an interactive version of this timeline at MyDataMyChoice.me

The Dawn of Data Privacy

1960s

The US Government Collects Data on American Citizens

Following President Lyndon Johnson’s decision to create a centralized database with every citizen’s information, citizens rise up in frustration.

Congress holds numerous hearings that a computerized national data bank could mean endless snooping and infringe on citizens’ rights. The project isn’t realized, however the Fair Credit Reporting Act of 1970, and the Privacy Act in 1974 are created.

1991

The Internet Goes Public

Previously a military project, the Internet is opened up to the public. Entrepreneurs start earning money online.  Users with dial-up connections access content they’ve never found in a library. Communication flourishes.

1994

A Sting CD is the First Thing Sold on the Internet

On August 12, 1994, the internet enables the first e-commerce purchase. A Philadelphia resident uses his credit card to order a Sting CD on what is one of the first e-commerce websites. The purchase is encrypted with a program called PGP (“Pretty Good Privacy”).

first thing sold on internet sting cd

Netscape Uses the First Cookie and Creates SSL

Netscape creates the first browser cookie. In 1994, it fulfills the same purpose as it does today: allowing companies to recognize users, track their activity on the Internet, and build a customer profile. Originally, Netscape created the cookie to recognize users who have already visited certain websites. The cookies are accepted by default. Users aren’t even notified of their existence.

Netscape also develops SSL (Secure Sockets Layer) as a way of securing communications between clients and servers on the Internet.

ACTION: Find out whether your browser is  tracking you. Check with Panopticlick.

1995

Amazon and eBay Launch Their Websites

In July 1995, Jeff Bezos launches Amazon as an online bookstore. In the autumn of 1995, Pierre Omidyar also launches eBay.

The two events are widely considered to be the real start of the dot com bubble.

ACTION: Tired of impulse purchases. Delete Your Account.

ACTION: Stop the bidding madness.  Adjust Your eBay Account (or just ask a trusted friend to change your password!)

The European Data Protection Directive Is Adopted

Following privacy concerns regarding the websites that started collecting customer data in the period of the first tech bubble, the European Union passes a directive governing the processing of personal data on October 24, 1995.

1996

With the Internet, marketers suddenly have a new way to communicate to their potential customers.

Hotmail develops a free email service that opens up email addresses to the public (not just something for students or businesses anymore). Marketers can now reach thousands of prospects online.

1997

Surfers Beware: The Electronic Privacy Information Center Reviews 100 Most Popular Sites

In 1997, the Electronic Privacy Information Center reviews a hundred of the Internet’s most popular sites only to realize that only 17 of them have an explicitly stated privacy policy.

Out of the 100 websites they examine, 24 are found to use cookies, and none of them allow users to access their data.

The Center concludes that data privacy will be one of the biggest challenges for the Internet, and they recommend creating privacy policies, enabling users to view their data and use the website anonymously should they wish to do so. Their goal is to add more transparency to the way data is collected and processed.

ACTION: Tired of being tracked by your browser? Block Invisible Browser Trackers.

electronic information privacy centre twitter post

1998

PayPal Launches

PayPal launches as an online payment system and a money transfer tool used by e-commerce websites to process payments. The company regularly faces problems with regulations and fraud. To use PayPal, e-commerce websites have to share data with PayPal, and PayPal encrypted this sensitive financial information. It’s very similar to how PayPal operates today.

1999

<h2″>The DoubleClick Merger Scandal

Advertising giant DoubleClick plans to merge with data brokerage company, Abacus Direct.

DoubleClick uses the Dynamic Advertising Reporting and Targeting (DART) system to allow advertisers to move their ads, track the number of clicks, and select which ads will be displayed to whom. The information they collect includes: Browser type, OS, ISP, bandwidth, date and time, and the IP address of visitors.

A privacy scandal erupts when DoubleClick announces they want to deanonymize ads data, infringing on the privacy rights of millions of consumers whose behavior had been tracked.

2000s

The Patriot Act, Total Information Awareness, and Surveillance Following 9/11

Following 9/11, the USA starts developing technology that will enable the government to gather, analyze and store local and international data locally.

The Patriot Act, passed six weeks after 9/11, lawfully broadens the surveillance powers given to the National Security Agency.

According to the New York Times’ 2005 reports, this decision allows the NSA to monitor “the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States.”

ACTION: Learn more about the Patriot Act and how it may impact you.

The Creation of Network Advertising Initiative

Following the DoubleClick scandal and other data privacy concerns, a group of industry experts form the Network Advertising Initiative (NAI) and publish a set of principles in coordination with the Federal Trade Commission.

In 2002, the NAI releases guidelines for the use of web beacons (behavior tracking code). The code that is used to track visiting and tracking patterns and install cookies is supposed to ask for consent when personally identifiable information is transferred to a third party.

The NAI also advocates for transparency and allowing website visitors to clearly see which information is being collected, and how it’s being processed.

Additionally, NAI-compliant ad networks are to give consumers a choice to opt out of being tracked and targeted with ads.

ACTION: You can opt-out of interest based advertising with NAI members.

Online Credit Card Fraud

In early 2000’s, online credit card fraud increases due to insecure protocols used to transmit financial information over the web.

According to CyberSource, online retailers lose $1.5 billion in online revenue due to credit card fraud by the year 2000.

Google Launches AdWords

Google AdWords (now known as Google Ads) is initially released on October 28, 2000.

It uses cookie technology and keywords searched for by users to decide which ads will be displayed across their (then still budding) advertising affiliate network.

ACTION: Tired of telling Google what you do? Delete your Google account.

google Adwords and google analytics

2003

MySpace Launches

In 2003, Chris DeWolfe, Tom Anderson and Jon Hart establish MySpace — the first major social network.  It is the largest social networking site in the world from 2005-2008.

MySpace only uses website and affiliate advertising to generate revenue. User data is collected from their website and their affiliate network to select ads for each visitor through behavioral targeting.

The Can Spam Law

Inboxes grow crowded as digital marketers email customers and spam becomes a very real problem.

The Can Spam Law and the Data Protection Act require all businesses to include an opt-out option in email communications. The law makes it mandatory for commercial email senders to provide opt-outs, state their physical address, and identify ads.

2004

Rampant Web Attacks

2004 sees rampant hacker attacks. Web software vulnerabilities are hacked to intercept sensitive data. Some of the methods used are Trojans, keystroke loggers, and malware.

The Payment Card Industry Security Standards Council (PCI) is Formed

With the threat of cyber attacks and the rise of online shopping’s popularity, the PCI is formed to ensure that businesses comply with the security standards necessary for safe online shopping.

Facebook is Born

On February 4, 2004, Mark Zuckerberg, Eduardo Saverin, and others team up and create Facebook.

Originally, Zuckerberg creates Facebook’s beta version – Facemash – as a dating and meetup site for college students. Their profiles contain personal information and photos, and users get to decide who’s hot – and who’s not. This site attracts more than 450 visitors within the first four hours of launching.

Harvard administration charges Zuckerberg with breaching security, copyright violations, and privacy violations as he uploaded photos and information about Harvard students without their consent.
Facebook mashup privacy violation

Online Data Privacy Gains Traction

Late 2004

PCI Releases the First Unified Security Standard

New unified security standard is introduced, in an attempt to facilitate safer and more secure online shopping transactions. This standard is supported by five major credit card brands, including Visa and MasterCard.

This is the first security standard requiring all merchants (processing more than 20,000 card transactions per year) to comply.

2007

Facebook Launches the First News Feed

Facebook launches the first News Feed. Facebook is accused of breaching user privacy. The news feed is modified to allow users to adjust some privacy settings.

Facebook Tries to Share Online Purchasing Behavior

Facebook pilots Beacon, a program that sends notifications to users’ friends when they make purchases online. This would allow Facebook to offer targeted ads. Users respond to Beacon by filing a class-action lawsuit and the project is scrapped. (This is not the end of targeted advertising with Facebook.

Facebook beacon privacy concerns

Google Introduces Street View

Google introduces Street View. Google cars start roaming streets worldwide, capturing images to show in maps.

Users are concerned with the level of detail shown in the images — streets, people, and homes are shown.

It is later revealed that Google cars also collected information from public Wi-Fi networks in 30 countries.

Google starts blurring individuals’ faces and car license plates in an effort to protect their privacy. Users are invited to flag photos that may infringe on privacy.

Google Acquires DoubleClick

Google moves into online display advertising, with the $3.1Billion purchase of DoubleClick, the largest online advertising company. This includes acquiring DoubleClick’s ad software, as well as relationships with web publishers and advertisers.

2008

Facebook Launches Social Login

Facebook launches a social login service, Facebook Connect. Users can now log into a variety of sites using their Facebook profile. The “partnered” websites can access details about the users’ Facebook profile, including their full name, photos, wall posts and friend lists.

Twitter, LinkedIn and Google+ follow with their own social logins in 2009, 2010 and 2011, respectively.

Consumers begin to worry about online privacy. “Single Sign-On (SSO)” logins allow social networks to share user data with third parties — usually in the service of advertising. Companies can legally target users with advertisements based on their behavior across several “partnered” websites.

ACTION: Find out what Facebook knows about you and how to change that.

ACTION: Learn how to delete your Google account

ACTION: Delete yourself on other social networking sites

2009

Appreciation Engine Begins!

In 2009, The Appreciation Engine (AE) is founded by Jeff Mitchell and Annabel Youens with a singular purpose: Use data to create a two-way relationship between businesses and consumers.

Vocal about their support of data privacy, AE has been steadily working on creating better marketing solutions that focus on customer experience.

Facebook Copyright Qualms

Following public outrage, Facebook modifies their terms of use to offer more data rights to users. (Facebook previously reserved the right to use all the content uploaded to the site by users.)

Facebook allows users to make their photos and videos private, but the default setting is still “public.” Status updates also remain public.

ACTION: Find out what Facebook knows about you and how to change that.

Permission-Based Email Marketing

By 2009, email marketers realize that many of their emails aren’t even reaching their prospects’ inboxes.

Marketers realize the main reason for email subscription opt-outs is lack of relevance. Permission-based email marketing shows up, requiring interested users to opt-in to email marketing. The results are higher open rates, more interested email recipients, and (perhaps) less spam.

2010

Birth of Instagram

In October of 2010, Kevin Systrom and Mike Krieger launch Instagram – a photo-sharing social network.

the launch of instagram in 2010

2011

Google Buzz Privacy Violation

Google settles Federal Trade Commission (FTC) charges of deceptive practices and consumer privacy violations related to their social network, Google Buzz.

The FTC complains Google is violating its own privacy policies by using Gmail data for its Buzz network without consent. Google ignored Gmail users’ rights to decline being included in Buzz, and uploaded Gmail user data to Buzz regardless of whether someone chose to join the social network or not.

The settlement bans Google from future privacy misrepresentations, requires the company to implement a comprehensive privacy program, and makes regular privacy audits mandatory until 2031.

2012

Google Introduces the Omnichannel Experience

Google announces that it will consolidate user data across a variety of Google platforms to offer a better customer experience.

The program is implemented using Google Accounts, as opposed to scattered Google services users previously had to use. Now users can access everything from a single panel.

Google also updates their privacy policy and makes the data privacy changes clear to all users.

Facebook Acquires Instagram

In April, Facebook acquires Instagram for $1 Billion. The change in Terms of Use means all users agree by default to businesses paying Instagram to display their usernames, likeness, photos (with metadata), and behavior as a form of advertising.

Instagram’s competitors respond by creating privacy-friendly services.

Email Audience Segmentation and Targeting

Infusionsoft, an email marketing company, raise more than $71 Million, including $54 Million from Goldman Sachs, to keep working on a way to target email subscribers more accurately. In the early days, Infusionsoft tags email subscribers based on the websites they visit and the actions they take on them.

The DMA (Data & Marketing Association) reports that over 85% of marketers are segmenting their email lists.

The New Era of Data Privacy: the Good and the Bad

2014

iCloud Under Attack

Hackers released not-so clothed pictures of celebrities stolen from their Apple iCloud accounts. The leak causes a huge uproar and prompts a review of cloud computing services with a special emphasis on private and personal data.

ACTION: Safari sends data to Apple while Chrome sends info to Google. If you’re not cool with that, try Firefox.

iCloud hacking celebrity pictures

2015

Experian Hack

Experian, one of the world’s largest credit agency data brokers is hacked. This means 15 million people who applied for Experian credit checks have their personal information exposed including their names, addresses, social security, driver’s license and passport numbers.

ACTION: Sign up for notifications to find out if any of your personal information has appeared in a data breach.

2017

Canada’s Anti-Spam Law (CASL)

The transition period for the implementation of practices outlined in Canada’s Anti-Spam Law (CASL) ends. The law requires everyone who sends email for commercial purposes to get explicit subscriber consent for receiving the emails in the first place.

Equifax Hack

Personal information stored by the US credit bureau is stolen through a security vulnerability. This affects 145.5 Million customers. The stolen data includes social security, drivers license, names, data of birth, and addresses.

ACTION: Check if your information was hacked.

2018

General Data Protection Regulation (GDPR)

EU’s General Data Protection Regulation (GDPR) comes into force. This regulation outlines how consumer data can be collected, analyzed, transferred, and stored.

Businesses who in any way came into contact with EU citizens’ data have to follow the practices outlined in the regulation or face severe penalties.

ACTION: Find out more about your rights under the GDPR

ACTION: Find out if your business is GDPR compliant.

California Consumer Privacy Act (CCPA)

California follows the EU’s lead in 2018 by creating the CCPA. Similarly to GDPR, the CCPA also outlines how businesses can collect, store and transfer consumer data from Californian residents.

ACTION: Find out more about your rights under the CCPA.

CCPA privacy compliance

At least 21 Facebook Privacy Scandals

More than 21 Facebook privacy scandals take place in 2018. The most public of these scandals reveals that Cambridge Analytica, a British political consulting firm collected data from millions of Facebook user profiles and used it for political advertising.

Facebook has been facing severe backlash due to these scandals, with consumers calling for stricter regulations when it comes to online data privacy.

ACTION: Find out what Facebook knows about you and how to change that.

Safer Sites with the HTTPS Protocol

Google announces that not having a SSL certificate (HTTPS protocol) will now impact the ranking of websites. SSL certificates allow a more secure connection from web server to browser. By requiring sites to use a HTTPS protocol, Google contributes to a more secure Internet.

2019

Zoom Flaw Gives Hackers Access to Webcam

In an attempt to create a frictionless experience for Mac users, a feature in the video conferencing app Zoom causes a vulnerability that allows an attacker to access a user’s webcam feed without them knowing.

ACTION: Update your Zoom Privacy Settings

ACTION: Safely remove Zoom from your computer

First Cases of COVID-19 Reported to the World Health Organization

Now known as COVID-19, a new strain of coronavirus previously not encountered in humans breaks out in Wuhan, China. The virus is reported to the World Health Organization (WHO) in December after causing numerous cases of pneumonia.

As the number of cases drastically rises, 50 million people in Wuhan and nearby cities are placed under quarantine measures by the Chinese government to control the spread of the virus.

2020 and The Future: Protecting Your Rights

2020

California Consumer Privacy Act (CCPA) Goes into Effect

Originally passed by the California State Legislature on June 28, 2018, the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020.

The CCPA defines California residents’ personal data rights, allowing them access to their personal data and giving them agency over how that data is collected, sold, and disclosed.

World Health Organization Officially Classifies COVID-19 as a Global Pandemic

The COVID-19 virus spreads beyond China’s borders, causing outbreaks in countries throughout the globe. The World Health Organization classifies COVID-19 as a global pandemic due to the level of spread and severity of the outbreaks.

Countries all over the world begin enacting quarantine and lockdown measures to prevent the spread of COVID-19 as the number of cases skyrockets. These measures include shutting down all non-essential businesses and schools, as well as enacting social distancing measures to prevent contact between people.

Zoom Privacy Concerns Increase as Daily User Count Balloons to Over 200 Million

As more and more countries put into place social distancing measures, the daily user count on the video conferencing app Zoom soars from 10 million in December to 200 million in March.

Instances of uninvited participants showing up in and derailing private Zoom conferences make headlines and Eric Yuan, Founder and CEO of Zoom, puts out a statement in response to privacy and safety concerns on the app.

ACTION: Update your Zoom Privacy Settings 

ACTION: Safely remove Zoom from your computer.

Privacy Concerns Around COVID-19 Contact Tracing

Using smartphones to trace close physical interactions between individuals is proposed by public health experts and others in order to help mitigate the spread of COVID-19. For many, the idea raises concerns over privacy, freedom and civil liberties.

The  Future: Protecting Your Rights

From the time the Internet was a baby, regulators have had a hard time catching up with everything it can do. Personal data has been collected, stored, shared and sold without many limitations — by everyone from advertisers to hackers.

It’s time for a change.

We’re looking forward to a future where data is protected, kept safe, and used to create better experiences for customers.  This type of future requires us all to care about how our data is used. Learn about your data — and help build a more beautiful Internet.

ACTION: 11 Secrets That Will Make You More Secure On The Internet – a brilliant and super actionable list by Eric Barker.

Annabel Youens

About Annabel Youens

I'm a co-founder and CMO at AE. I believe that truly successful internet businesses have to connect people. {wave} When I'm not online I'm exploring beautiful Vancouver Island. Things I love: everything scifi, literary fiction, coffee, Google Music, my workhorse sewing machine and board games.