In May 2018, the new General Data Protection Regulation (GDPR) will take effect, applying to the vast majority of organizations across the world and signaling one of the most significant changes in data protection regulation to date. The GDPR, focused on notice, consent, control, and security, will mean that websites are obligated to A) let users know what information is being collected, B) protect the user data they collect, and C) delete a user’s information at their request. We are likely to see a heightened awareness that organizations are collecting all kinds of personal data online as a result of GDPR, similar to what is now occurring under existing EU privacy rules.

These changes should also raise questions for many people about the value they place on their privacy, and reinforce their desire to remain private, or even anonymous, online. Privacy is a hot button issue, with arguments flying in from both sides: “You have no right to my personal data!” or “Who cares, I have nothing to hide!” The problem is, by not keeping even the most general online information about yourself private and away from data collectors, you allow attackers to access this information and leverage it against you in a variety of ways. Hackers are getting smarter, and even the most suspicious targets can fall victim to sophisticated social engineering and phishing attacks.

While a user can opt out of data collection under GDPR, this choice would mean giving up access to a site or resource they have likely come to rely upon in their daily life. While users have the option to request that their data be deleted down the road, many will never take the steps to do this. And, while there may be small changes as laws or technology push back against data collectors, tracking is here to stay. User data ultimately drives the internet economy and provides businesses with a massive incentive to keep capturing and leveraging as much user data as possible.

Anonymity is a technological veto of data collection connected to your identity. By using appropriate tools and practices, you can prevent websites and services from gathering information about you and your activities. Unfortunately, achieving total anonymity requires giving up most of social media and many other very popular aspects of the internet. To maintain anonymity, you need to avoid posting any identifying information or connecting any of your activities with accounts, addresses, images, or even writing patterns that are used under your real name.

While the GDPR is working to maintain user security and privacy as companies continue to collect our data, the massive sharing of personal information on social media raises the question of what we even mean by “privacy” on the internet: Privacy of what, from who?

Check out The CyberWire Podcast for my full interview on GDPR and the Safari browser’s new privacy feature here.