How Can I Close the Gap? | The Privacy Gap

Closing the Gap

Most of us claim to value privacy while routinely sacrificing it through our online actions. This disconnect between our expressed values and actual behavior raises important concerns about our relationship with technology.

Ready to close that gap? The tools below help you align what you do with what you believe. Start small: refuse cookies and adjust your privacy settings. Each choice matters.

Privacy becomes real when you practice it. Let's start.

Community & Collective Action

Privacy is not merely an individual value but a social good requiring collective maintenance:

Engage with Legislative Processes

The landscape of privacy legislation is constantly evolving, with new laws under consideration. By actively participating in the legislative process, you can help shape the future of privacy protection. Your voice matters. Legislators need to hear from constituents who care about privacy issues.

State Privacy Laws Implementation: In 2025, eight new state privacy laws are going into effect, including in Delaware, Iowa, Minnesota, Maryland, Nebraska, New Hampshire, New Jersey, and Tennessee. These laws create new rights for citizens regarding their personal data. Familiarize yourself with your state's laws and exercise your new privacy rights.
Privacy Working Group Input: The House Committee on Energy and Commerce recently established a Privacy Working Group to gather input on what should be included in a Data Security and Privacy Framework. Follow the Electronic Frontier Foundation’s recommendations and contact your representatives to voice your support for strong federal privacy protections. Here is a link to find your elected officials.
California Delete Act Rulemaking Process: In 2023, the California Delete Act was passed. The statute is meant to improve the registration and transparency requirements for data brokers. While the law has been signed, the implementation is still in progress. Currently, the California Privacy Protection Agency is in the rulemaking process for the Accessible Deletion Mechanism. They opened a public comment period from April 25, 2025, through June 10, 2025, regarding the proposed regulations for this mechanism. Public comments may be submitted to the Agency electronically at regulations@cppa.ca.gov, or by mail at the address included in the Notice of Proposed Rulemaking. Please include “Public Comment on Accessible Deletion Mechanism” in the subject line. The Agency will also hold a public hearing to accept comments on June 10, 2025, beginning at 1:00 p.m. PST in Sacramento, CA. Details for attending the hearing in person or virtually can be found in the Notice of Proposed Rulemaking.
- If you're a California resident, you can contact your state representatives to express support for this legislation.
  - Here is an example call and email script
    - “Hello, my name is _________, I am one of your constituents. I live in _________ and my zipcode is _________. I'm reaching out to speak to you about the implementation of SB 362, the California Delete Act, which creates a one-stop mechanism for consumers to delete their personal information from data brokers. I'm particularly passionate about robust privacy protections in the Delete Act regulations because it will help protect our privacy by making it easier to remove our personal data from data brokers who collect and sell it without our knowledge or consent. I am asking for your support to ensure that the regulations developed by the California Privacy Protection Agency prioritize consumer rights and make the deletion process truly accessible and effective for all Californians. Thank you for your time. If needed, I can best be reached at _________ [preferred contact information].
HIPAA Security Rule Update: The Department of Health and Human Services proposed significant updates to the HIPAA Security Rule, which would require healthcare organizations to implement stronger cybersecurity measures, including conducting more thorough risk assessments. Though the initial comment period has recently closed, you can still contact your representatives to express support for robust implementation using the same template above.

Participate in Privacy Conferences and Events

Education and networking are powerful tools in the privacy movement. By attending conferences and events, you can deepen your understanding of privacy issues and learn about the latest developments in privacy protection. These gatherings bring together experts, and policymakers to collaborate on solutions.

IAPP AI Governance Global North America 2025: “AI Governance Global returns to Boston in 2025. AI governance, privacy and digital responsibility professionals will learn about governance, implementation, accountability and the EU AI Act while growing their professional network to help stay on top of the rapid advancements in technology.”
IAPP Privacy. Security. Risk. 2025: will take place October 28-31, 2025, in San Diego, exploring technology's role in privacy, AI governance, and digital responsibility.
The 38th International Conference on Privacy and Data Protection will be held July 7-9, 2025, at St. John's College, Cambridge, UK, bringing together privacy regulators, companies, law firms, and academics.
DC Privacy Forum 2025: Governance for Digital Leadership and Innovation: “The 2nd Annual DC Privacy Forum presented by the FPF Center for Artificial Intelligence will explore AI policy, critical topics in privacy, and other priority issues for the new administration and policymakers”

Join Digital Rights Organizations

There is strength in numbers. Digital rights organizations amplify individual voices into powerful collective action for privacy protection. These nonprofits work tirelessly to monitor privacy threats, educate the public, challenge invasive practices, and advocate for stronger protections. By supporting these groups, you contribute to a broader movement for digital rights.

Privacy Rights Clearinghouse: This nonprofit organization is committed to advancing data privacy for all by expanding access to information and advocating for stronger rights. Join their mailing list to stay informed about privacy issues and advocacy opportunities.
Electronic Frontier Foundation (EFF): The EFF is a nonprofit organization that defends civil liberties in the digital world. EFF champions user privacy and free expression through grassroots activism. You can become a member by donating to support their mission to defend civil liberties and human rights online.

Individual Privacy

#1 Most Important Tip: Decline Browser Cookies

Browser cookies are small text files that websites place on your device, essentially digital tracking tags that follow your online activities. Think of them as digital sticky notes that help sites recognize you when you return. While some cookies help remember your login information or shopping cart items, many exist primarily to monitor your browsing behavior and build detailed profiles of your interests—including sensitive health searches.

That's why declining cookies should be your default response when opening new websites, especially health-related ones. When those cookie consent popups appear, resist the temptation to click "Accept All" just to make them disappear. Instead, look for options like "Decline Non-Essential" or "Reject All" to maintain control over your digital footprint. This simple habit prevents third-party advertisers from connecting your health concerns across different websites and buiilding a detailed behavioral profile about your behaviors and values.

Add Your Number to the National Do Not Call Registry

The National Do Not Call Registry is a free government service designed to reduce unwanted telemarketing calls. You can register your number by visiting DoNotCall.gov or calling 1-888-382-1222 from the number you want to register.

Limitations to be aware of: While effective at reducing many telemarketing calls, the registry has important exemptions. Political organizations and companies with existing business relationships can still call you legally, even when you're registered. Additionally, the Registry doesn't actually block calls, it simply tells registered telemarketers which numbers not to call, meaning it doesn't stop illegal scam calls that ignore the regulations.

Password Protection & Authentication

The foundation of digital privacy begins with who can access your accounts. Authentication embodies the philosophical principle of identity verification—ensuring that only the rightful owner of information can access it, upholding autonomy and control. Consider these essential protections:

Password Managers: Create and store complex, unique passwords for each health service and patient portal.
- Bitwarden (Free, open-source)
- 1Password ($36/year, family plans available)
- KeePassXC (Free, offline storage)
Multi-Factor Authentication: Add a second verification layer to your accounts.
- Duo (Free, multi-device support)
- Authy (Free, multi-device support)
- YubiKey (Physical security key, $45+)

Browser Privacy Enhancements

Your browser is your window to the digital world (and potentially a window for corporations to peer into your activities at the cost of your autonomy). These tools address the philosophical tension between transparency (what we want to share) and opacity (what we wish to keep private), helping users maintain boundaries in digital spaces.

Privacy-Focused Browsers:
- Firefox with privacy settings enhanced
- Brave (Built-in tracker blocking)
Essential Browser Extensions:
- Privacy Badger (Learns to block invisible trackers)
- HTTPS Everywhere (Ensures encrypted connections)
- Consent-O-Matic (Automatically handles cookie consent pop-ups)

Patient Portal Security

Health data embodies the tension between individual bodily autonomy and the potential benefits of data aggregation for public health—a classic utilitarian versus rights-based ethical dilemma. Your medical records deserve the highest level of protection:

Audit Your Accounts: MyChart and other portal systems often have privacy settings hidden in submenus. The Patient Advocate Foundation offers a comprehensive guide to navigating patient portals.
Device Management: Many don't realize that patient portals show which devices have accessed your health records. Log out of unused sessions and remove old devices.
Download and Backup: The Health Insurance Portability and Accountability Act (HIPAA) guarantees your right to download your health records. The Office for Civil Rights provides a step-by-step guide for requesting records.

Health App & Wearable Privacy

Fitness trackers and health apps collect intimate data about your body and habits:

Privacy Settings Review: The Future of Privacy Forum offers a detailed consumer guide for auditing wearable privacy settings.
Data Sharing Controls: For Apple Health users, review Health Data Access & Sharing settings. For Google Fit, check the Google Fit Privacy Controls.
Third-Party Access Audit: Use MyDataCan tools to discover which third parties have your health information.

Know Your HIPAA Rights

The backbone of health privacy protection in the United States:

Summary of Rights: The Office for Civil Rights provides accessible guides to your privacy rights.
Complaint Process: If you believe your health privacy rights have been violated, the HHS Complaint Portal allows you to file a formal complaint.
Exceptions Understanding: Privacy Rights Clearinghouse explains when providers can share your information without consent.

Building a Personal Privacy Practice

Sunday Privacy Hour: Set a recurring calendar event one Sunday each month to review one aspect of your digital footprint each week.
- Password audit and update
- Health app permissions review
- Patient portal security check
- Browser privacy enhancement
Digital Decluttering: The Center for Humane Technology offers guides for mindful technology use that enhances rather than diminishes autonomy.

Ethical Decision Framework

When facing privacy tradeoffs, consider these questions:

Transparency Test: Would I be comfortable if everyone knew I was sharing this data?
Reversibility Check: Can this data, once shared, ever truly be deleted?
Necessity Evaluation: Is sharing this health data truly necessary for the benefit I hope to receive?
Future Self Consideration: How might my future self feel about this data being available?

"Privacy is not about hiding bad things. It's about protecting what's precious to you." — Edward Snowden

Remember that privacy is not about perfection or total withdrawal from digital life. It's about alignment. Bringing your actions closer to your values through conscious choices and practical steps is key. Each action you take narrows your own privacy gap, reducing inconsistencies in your philosophical values.

Closing the Gap​