Explore the world of online data privacy with this rich timeline. Revisit pivotal moments in our shared online history and discover actions that you can take today to increase your online safety.See an interactive version of this timeline at MyDataMyChoice.me
The Dawn of Data Privacy
The US Government Collects Data on American Citizens
Following President Lyndon Johnson’s decision to create a centralized database with every citizen’s information, citizens rise up in frustration.
Congress holds numerous hearings that a computerized national data bank could mean endless snooping and infringe on citizens’ rights. The project isn’t realized, however the Fair Credit Reporting Act of 1970, and the Privacy Act in 1974 are created.
The Internet Goes Public
Previously a military project, the Internet is opened up to the public. Entrepreneurs start earning money online. Users with dial-up connections access content they’ve never found in a library. Communication flourishes.
A Sting CD is the First Thing Sold on the Internet
On August 12, 1994, the internet enables the first e-commerce purchase. A Philadelphia resident uses his credit card to order a Sting CD on what is one of the first e-commerce websites. The purchase is encrypted with a program called PGP (“Pretty Good Privacy”).
Netscape Uses the First Cookie and Creates SSL
Netscape creates the first browser cookie. In 1994, it fulfills the same purpose as it does today: allowing companies to recognize users, track their activity on the Internet, and build a customer profile. Originally, Netscape created the cookie to recognize users who have already visited certain websites. The cookies are accepted by default. Users aren’t even notified of their existence.
Netscape also develops SSL (Secure Sockets Layer) as a way of securing communications between clients and servers on the Internet.
ACTION: Find out whether your browser is tracking you. Check with Panopticlick.
Amazon and eBay Launch Their Websites
The two events are widely considered to be the real start of the dot com bubble.
ACTION: Tired of impulse purchases. Delete Your Account.
ACTION: Stop the bidding madness. Adjust Your eBay Account (or just ask a trusted friend to change your password!)
The European Data Protection Directive Is Adopted
Following privacy concerns regarding the websites that started collecting customer data in the period of the first tech bubble, the European Union passes a directive governing the processing of personal data on October 24, 1995.
A New Way to Reach Your Audience
With the Internet, marketers suddenly have a new way to communicate to their potential customers.
Hotmail develops a free email service that opens up email addresses to the public (not just something for students or businesses anymore). Marketers can now reach thousands of prospects online.
Surfers Beware: The Electronic Privacy Information Center Reviews 100 Most Popular Sites
The Center concludes that data privacy will be one of the biggest challenges for the Internet, and they recommend creating privacy policies, enabling users to view their data and use the website anonymously should they wish to do so. Their goal is to add more transparency to the way data is collected and processed.
ACTION: Tired of being tracked by your browser? Block Invisible Browser Trackers.
PayPal launches as an online payment system and a money transfer tool used by e-commerce websites to process payments. The company regularly faces problems with regulations and fraud. To use PayPal, e-commerce websites have to share data with PayPal, and PayPal encrypted this sensitive financial information. It’s very similar to how PayPal operates today.
<h2″>The DoubleClick Merger Scandal
DoubleClick uses the Dynamic Advertising Reporting and Targeting (DART) system to allow advertisers to move their ads, track the number of clicks, and select which ads will be displayed to whom. The information they collect includes: Browser type, OS, ISP, bandwidth, date and time, and the IP address of visitors.
A privacy scandal erupts when DoubleClick announces they want to deanonymize ads data, infringing on the privacy rights of millions of consumers whose behavior had been tracked.
The Patriot Act, Total Information Awareness, and Surveillance Following 9/11
Following 9/11, the USA starts developing technology that will enable the government to gather, analyze and store local and international data locally.
The Patriot Act, passed six weeks after 9/11, lawfully broadens the surveillance powers given to the National Security Agency.
According to the New York Times’ 2005 reports, this decision allows the NSA to monitor “the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States.”
The Creation of Network Advertising Initiative
Following the DoubleClick scandal and other data privacy concerns, a group of industry experts form the Network Advertising Initiative (NAI) and publish a set of principles in coordination with the Federal Trade Commission.
In 2002, the NAI releases guidelines for the use of web beacons (behavior tracking code). The code that is used to track visiting and tracking patterns and install cookies is supposed to ask for consent when personally identifiable information is transferred to a third party.
The NAI also advocates for transparency and allowing website visitors to clearly see which information is being collected, and how it’s being processed.
Additionally, NAI-compliant ad networks are to give consumers a choice to opt out of being tracked and targeted with ads.
Online Credit Card Fraud
In early 2000’s, online credit card fraud increases due to insecure protocols used to transmit financial information over the web.
According to CyberSource, online retailers lose $1.5 billion in online revenue due to credit card fraud by the year 2000.
Google Launches AdWords
Google AdWords (now known as Google Ads) is initially released on October 28, 2000.
It uses cookie technology and keywords searched for by users to decide which ads will be displayed across their (then still budding) advertising affiliate network.
ACTION: Tired of telling Google what you do? Delete your Google account.
In 2003, Chris DeWolfe, Tom Anderson and Jon Hart establish MySpace — the first major social network. It is the largest social networking site in the world from 2005-2008.
MySpace only uses website and affiliate advertising to generate revenue. User data is collected from their website and their affiliate network to select ads for each visitor through behavioral targeting.
The Can Spam Law
Inboxes grow crowded as digital marketers email customers and spam becomes a very real problem.
The Can Spam Law and the Data Protection Act require all businesses to include an opt-out option in email communications. The law makes it mandatory for commercial email senders to provide opt-outs, state their physical address, and identify ads.
Rampant Web Attacks
2004 sees rampant hacker attacks. Web software vulnerabilities are hacked to intercept sensitive data. Some of the methods used are Trojans, keystroke loggers, and malware.
The Payment Card Industry Security Standards Council (PCI) is Formed
With the threat of cyber attacks and the rise of online shopping’s popularity, the PCI is formed to ensure that businesses comply with the security standards necessary for safe online shopping.
Facebook is Born
On February 4, 2004, Mark Zuckerberg, Eduardo Saverin, and others team up and create Facebook.
Originally, Zuckerberg creates Facebook’s beta version – Facemash – as a dating and meetup site for college students. Their profiles contain personal information and photos, and users get to decide who’s hot – and who’s not. This site attracts more than 450 visitors within the first four hours of launching.
Online Data Privacy Gains Traction
PCI Releases the First Unified Security Standard
New unified security standard is introduced, in an attempt to facilitate safer and more secure online shopping transactions. This standard is supported by five major credit card brands, including Visa and MasterCard.
This is the first security standard requiring all merchants (processing more than 20,000 card transactions per year) to comply.
Facebook Launches the First News Feed
Facebook launches the first News Feed. Facebook is accused of breaching user privacy. The news feed is modified to allow users to adjust some privacy settings.
Facebook Tries to Share Online Purchasing Behavior
Facebook pilots Beacon, a program that sends notifications to users’ friends when they make purchases online. This would allow Facebook to offer targeted ads. Users respond to Beacon by filing a class-action lawsuit and the project is scrapped. (This is not the end of targeted advertising with Facebook.
Google Introduces Street View
Google introduces Street View. Google cars start roaming streets worldwide, capturing images to show in maps.
Users are concerned with the level of detail shown in the images — streets, people, and homes are shown.
It is later revealed that Google cars also collected information from public Wi-Fi networks in 30 countries.
Google starts blurring individuals’ faces and car license plates in an effort to protect their privacy. Users are invited to flag photos that may infringe on privacy.
Google Acquires DoubleClick
Google moves into online display advertising, with the $3.1Billion purchase of DoubleClick, the largest online advertising company. This includes acquiring DoubleClick’s ad software, as well as relationships with web publishers and advertisers.
Facebook Launches Social Login
Facebook launches a social login service, Facebook Connect. Users can now log into a variety of sites using their Facebook profile. The “partnered” websites can access details about the users’ Facebook profile, including their full name, photos, wall posts and friend lists.
Twitter, LinkedIn and Google+ follow with their own social logins in 2009, 2010 and 2011, respectively.
Consumers begin to worry about online privacy. “Single Sign-On (SSO)” logins allow social networks to share user data with third parties — usually in the service of advertising. Companies can legally target users with advertisements based on their behavior across several “partnered” websites.
ACTION: Find out what Facebook knows about you and how to change that.
ACTION: Learn how to delete your Google account
ACTION: Delete yourself on other social networking sites
Appreciation Engine Begins!
In 2009, The Appreciation Engine (AE) is founded by Jeff Mitchell and Annabel Youens with a singular purpose: Use data to create a two-way relationship between businesses and consumers.
Vocal about their support of data privacy, AE has been steadily working on creating better marketing solutions that focus on customer experience.
Facebook Copyright Qualms
Facebook allows users to make their photos and videos private, but the default setting is still “public.” Status updates also remain public.
ACTION: Find out what Facebook knows about you and how to change that.
Permission-Based Email Marketing
By 2009, email marketers realize that many of their emails aren’t even reaching their prospects’ inboxes.
Marketers realize the main reason for email subscription opt-outs is lack of relevance. Permission-based email marketing shows up, requiring interested users to opt-in to email marketing. The results are higher open rates, more interested email recipients, and (perhaps) less spam.
Birth of Instagram
In October of 2010, Kevin Systrom and Mike Krieger launch Instagram – a photo-sharing social network.
Google Buzz Privacy Violation
Google settles Federal Trade Commission (FTC) charges of deceptive practices and consumer privacy violations related to their social network, Google Buzz.
The FTC complains Google is violating its own privacy policies by using Gmail data for its Buzz network without consent. Google ignored Gmail users’ rights to decline being included in Buzz, and uploaded Gmail user data to Buzz regardless of whether someone chose to join the social network or not.
The settlement bans Google from future privacy misrepresentations, requires the company to implement a comprehensive privacy program, and makes regular privacy audits mandatory until 2031.
Google Introduces the Omnichannel Experience
Google announces that it will consolidate user data across a variety of Google platforms to offer a better customer experience.
The program is implemented using Google Accounts, as opposed to scattered Google services users previously had to use. Now users can access everything from a single panel.
Facebook Acquires Instagram
Instagram’s competitors respond by creating privacy-friendly services.
Email Audience Segmentation and Targeting
Infusionsoft, an email marketing company, raise more than $71 Million, including $54 Million from Goldman Sachs, to keep working on a way to target email subscribers more accurately. In the early days, Infusionsoft tags email subscribers based on the websites they visit and the actions they take on them.
The DMA (Data & Marketing Association) reports that over 85% of marketers are segmenting their email lists.
The New Era of Data Privacy: the Good and the Bad
iCloud Under Attack
Hackers released not-so clothed pictures of celebrities stolen from their Apple iCloud accounts. The leak causes a huge uproar and prompts a review of cloud computing services with a special emphasis on private and personal data.
Experian, one of the world’s largest credit agency data brokers is hacked. This means 15 million people who applied for Experian credit checks have their personal information exposed including their names, addresses, social security, driver’s license and passport numbers.
ACTION: Sign up for notifications to find out if any of your personal information has appeared in a data breach.
Canada’s Anti-Spam Law (CASL)
The transition period for the implementation of practices outlined in Canada’s Anti-Spam Law (CASL) ends. The law requires everyone who sends email for commercial purposes to get explicit subscriber consent for receiving the emails in the first place.
Personal information stored by the US credit bureau is stolen through a security vulnerability. This affects 145.5 Million customers. The stolen data includes social security, drivers license, names, data of birth, and addresses.
General Data Protection Regulation (GDPR)
EU’s General Data Protection Regulation (GDPR) comes into force. This regulation outlines how consumer data can be collected, analyzed, transferred, and stored.
Businesses who in any way came into contact with EU citizens’ data have to follow the practices outlined in the regulation or face severe penalties.
ACTION: Find out more about your rights under the GDPR
California Consumer Privacy Act (CCPA)
California follows the EU’s lead in 2018 by creating the CCPA. Similarly to GDPR, the CCPA also outlines how businesses can collect, store and transfer consumer data from Californian residents.
ACTION: Find out more about your rights under the CCPA.
At least 21 Facebook Privacy Scandals
More than 21 Facebook privacy scandals take place in 2018. The most public of these scandals reveals that Cambridge Analytica, a British political consulting firm collected data from millions of Facebook user profiles and used it for political advertising.
Facebook has been facing severe backlash due to these scandals, with consumers calling for stricter regulations when it comes to online data privacy.
ACTION: Find out what Facebook knows about you and how to change that.
Safer Sites with the HTTPS Protocol
Google announces that not having a SSL certificate (HTTPS protocol) will now impact the ranking of websites. SSL certificates allow a more secure connection from web server to browser. By requiring sites to use a HTTPS protocol, Google contributes to a more secure Internet.
Zoom Flaw Gives Hackers Access to Webcam
In an attempt to create a frictionless experience for Mac users, a feature in the video conferencing app Zoom causes a vulnerability that allows an attacker to access a user’s webcam feed without them knowing.
First Cases of COVID-19 Reported to the World Health Organization
Now known as COVID-19, a new strain of coronavirus previously not encountered in humans breaks out in Wuhan, China. The virus is reported to the World Health Organization (WHO) in December after causing numerous cases of pneumonia.
As the number of cases drastically rises, 50 million people in Wuhan and nearby cities are placed under quarantine measures by the Chinese government to control the spread of the virus.
Authorities have all but shut down China’s Wuhan, a city of 11 million and a major transport hub, as coronavirus continues to spread. See satellite images of the empty streets https://t.co/b50khKEPx8 via @ReutersGraphics pic.twitter.com/xN8CtT9wG1
— Reuters (@Reuters) January 30, 2020
2020 and The Future: Protecting Your Rights
California Consumer Privacy Act (CCPA) Goes into Effect
Originally passed by the California State Legislature on June 28, 2018, the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020.
The CCPA defines California residents’ personal data rights, allowing them access to their personal data and giving them agency over how that data is collected, sold, and disclosed.
World Health Organization Officially Classifies COVID-19 as a Global Pandemic
The COVID-19 virus spreads beyond China’s borders, causing outbreaks in countries throughout the globe. The World Health Organization classifies COVID-19 as a global pandemic due to the level of spread and severity of the outbreaks.
Countries all over the world begin enacting quarantine and lockdown measures to prevent the spread of COVID-19 as the number of cases skyrockets. These measures include shutting down all non-essential businesses and schools, as well as enacting social distancing measures to prevent contact between people.
Families torn apart as Italy goes into quarantine over coronavirus https://t.co/EIBI11hJ3L
— The Independent (@Independent) March 10, 2020
Zoom Privacy Concerns Increase as Daily User Count Balloons to Over 200 Million
As more and more countries put into place social distancing measures, the daily user count on the video conferencing app Zoom soars from 10 million in December to 200 million in March.
Instances of uninvited participants showing up in and derailing private Zoom conferences make headlines and Eric Yuan, Founder and CEO of Zoom, puts out a statement in response to privacy and safety concerns on the app.
Privacy Concerns Around COVID-19 Contact Tracing
Using smartphones to trace close physical interactions between individuals is proposed by public health experts and others in order to help mitigate the spread of COVID-19. For many, the idea raises concerns over privacy, freedom and civil liberties.
Apple and Google are building a contact-tracing technology that would rely on Bluetooth signals to let smartphone users know when they’ve come into contact with someone who has COVID-19. https://t.co/vA9Wm5HKUe
— NPR (@NPR) April 10, 2020
The Future: Protecting Your Rights
From the time the Internet was a baby, regulators have had a hard time catching up with everything it can do. Personal data has been collected, stored, shared and sold without many limitations — by everyone from advertisers to hackers.
It’s time for a change.
We’re looking forward to a future where data is protected, kept safe, and used to create better experiences for customers. This type of future requires us all to care about how our data is used. Learn about your data — and help build a more beautiful Internet.
ACTION: 11 Secrets That Will Make You More Secure On The Internet – a brilliant and super actionable list by Eric Barker.