Why privacy matters when "they already have your data"
This article is an op-ed written by Stanford undergraduate student Angela Nguyen '27.
Privacy is in a dire state. Roaming around Stanford's campus, I try to turn away when I pass a Flock Safety automated license plate reader camera (see their locations at deflock.org), knowing that they have been used to surveil groups including activists and immigrants.
People tend to think of privacy as something that only matters to people with something to hide. But as Meredith Whittaker, President of the Signal Foundation, puts it: "We have a world that is defined by various power asymmetries in which those in power can often weaponize or misuse intimate information about us, information about our preferences and our patterns and our relationships and our vulnerabilities." While each digital choice is small, limiting what you share and who can see it, along with knowing the privacy implications, can be powerful. To understand why those choices matter, it helps to first understand what companies are actually doing with the data they collect.
Every feature and change is intentional
Data collection is an ongoing and expanding process (especially as AI requires more data), and the terms you agreed to last year may not reflect what a tech company is doing with your data today. This is function creep: when a tool built for one purpose subtly expands into others.
Take Amazon Ring for example. It started as a doorbell camera (primarily for people to prevent package theft) and evolved into a network that can feed footage to law enforcement. Additionally, it almost integrated with Flock Safety’s license plate readers as a way to share video footage for crime investigations; they ended up cutting ties because it would take “significantly more time and resources than anticipated” (notably this shift came after Amazon Ring’s controversial Super Bowl ad). Meta’s Instagram recently added location maps for people to see others’ locations, is removing end-to-end encryption in direct messages, and even has a feature to add your school and class year if you tie the account to your university email—showing how these new features are collecting more pieces of information about each person.
Additionally, company policies also shift with respect to broader questions about partnerships with the government—especially around defense and warfare. According to The Intercept, “[OpenAI’s] ‘usage policies’ page included a ban on ‘activity that has high risk of physical harm, including,’ specifically, ‘weapons development’ and ‘military and warfare,’” but removed the wording for military and warfare uses in 2024 given interest with partnerships from the U.S. Department of Defense. Every “feature” added and every change in policies is a deliberate decision that reflects a company's evolving interests (such as the increasing want for data), which may not always align with yours.
Data can always be repurposed
Data collection may not feel exploitative at first. But data can be reused for other purposes, such as for advertisements or tracking people. Innocent tasks where you input your information for shopping online, signing a petition, or even navigating a GPS can lead to data targeting. In 2022, a location data broker called SafeGraph was found selling information related to abortion clinic visits, such as Planned Parenthood. This included groups of people visiting, how long they stayed, and where they went afterwards. No matter your politics, it’s concerning that anyone can be subject to this type of privacy invasion. The unfortunate thing is that most opportunities to see who is selling your data happen after-the-fact. The easiest prevention for California residents is the Delete Request and Opt-out Platform (DROP) form; for those outside the state, you can visit the data broker sites and request opt-outs & data deletions or purchase services to do it for you.
Benefits, risks, & tradeoffs
Digital tools can make life easier, but the tradeoffs are concerning. The question is whether you are making those choices between privacy and convenience consciously or by default from a platform’s design. Every time you log into a new app using Google or Apple, you choose convenience over privacy. The same logic applies to digital wallets. A credit card company already tracks your purchases. When you add Apple or Google Pay, you are making this data visible to more corporations that can build a larger profile on who you are.
Companies know that the easiest way to get your data is to offer you something in return. As someone who is generally reluctant to verify my university email through third party sites to avoid tracking, I recently made an exception in order to receive free LinkedIn Premium. When it comes to privacy, it's common for us to say the data is already out there, but it doesn’t take into account how surveillance and record linkage operate. I put data into two categories: personal characteristics—such as your face, biometrics, gender, socioeconomic status, sexuality, immigration status, or medical history—and digital behavior that reveals patterns about your location history, search queries, purchasing, or social media activity. Combined, they form a profile that can be used in ways you did not anticipate, whether by a company, a data broker, or an entity that accessed that information through a breach.
Each new data point increases the accuracy of your profile. LexisNexis, a data broker with a database of consumer information on 276 million people in the United States, even has contracts with the Department of Homeland Security (DHS). People who have requested data reports from LexisNexis have found lengthy documents of their personal information. So limiting new data points truly does limit your exposure.
In early 2025, the DHS and Immigration & Customs Enforcement (ICE) issued administrative subpoenas to tech companies in order to identify anti-ICE critics online. In a time where free speech is being restricted, events like these shouldn’t discourage you from fighting for what you believe in. These are individual choices you can make to reduce a larger data profile, but we should not accept unethical data practices from tech companies, federal agencies, and data brokers.
How to improve digital privacy
Each small choice has an effect on increasing your privacy, and these are the three principles that I like to use.
- Avoid - Every feature has a specific purpose and a potential means for harm. Before using a new tool, research what data it collects, who it shares that data with, and what happens to your data if the company is acquired or changes its policies. Much of this can be found in privacy policies.
  - If you don’t want to read lengthy privacy policies & terms of service, there are sites that provide summaries like Terms of Service; Didn’t Read.
  - In an era where AI models are trained on user-generated content or people, ambiguity and obfuscation (e.g. of your name, location, gender) is also a great choice to improve privacy. When I go to the airport, I simply say “I’d like to opt out” to avoid facial recognition identification at TSA screening. I want to avoid function creep and I don’t want AI models to improve at identifying (or surveilling) me in the long run.
  - As inconvenient or hard as it can be, sometimes the best way to protect your privacy online is by creating an account manually, making a purchase as a guest, and even simply not liking or sharing posts on social media sites.
- Prevent - Most platforms offer privacy settings that are not enabled by default. Turn off data storing settings on Google, use browser alternatives that collect less data by design like Tor or DuckDuckGo, and always be aware that a feature that protects your privacy today may be removed in the future.
  - Additionally, within most phone settings, you can set location permissions for certain apps to “while using the app” instead of “always.” For photo/mic/video access, you can set these to “limited” or “none” instead of “all.”
- Secure - Protect what you have! Use password managers (e.g. Bitwarden), enable multi-factor authentication (especially financial or educational sites), and be reactive if your information was breached. For data breach news, sites that I like to go to are TechCrunch, The Intercept, 404 Media, and The Verge.
For specific ways to increase digital privacy, the following charts show various technological use cases, their potential threat to privacy/surveillance concerns, example scenarios, and how to mitigate the privacy risks.
"When you say ‘I don't care about the right to privacy because I have nothing to hide,’ that's no different than saying ‘I don't care about freedom of speech because I have nothing to say.’" –Edward Snowden
Angela Nguyen '27 is an undergraduate, majoring in computer science at Stanford University, critically researching U.S. surveillance technologies and AI systems through the lens of ethics and policy. In 2025, she researched surveillance cameras and sentiment in the Bay Area under the mentorship of Omar Solis, 2024-25 Ethics and Technology Practitioner Fellow, which she also presented about at a 2025 FAccT CRAFT session. As a legal intern at the New York City Commission on Human Rights and incoming public policy intern at CrowdStrike, she strives to ensure that technological advancements are created equitably and responsibly. At Stanford, she serves as the Student Liaison at the McCoy Family Center for Ethics in Society’s Ethics, Society, & Technology Initiatives, leads the Stanford Public Interest Technology Lab as President, and organizes programming with the Stanford Critical AI Group. She has been recognized as a 2025 CS Ed Week Rising Hero, Stanford Tech Ethics & Policy Fellow, and Stanford VPUE STEM Fellow.