Many websites are updating their privacy policies, leaving some with questions about what that means for the information they provide when they surf the internet.

The European Union enacted the General Data Protection Regulation on May 25. The GDPR refers to the ability of individuals to assert ownership of their own information and right to privacy. With this new regulation, websites with customers from the EU are changing their privacy policies to reflect the idea that the sites no longer own user information; instead, the user is considered the sole owner of their personal information.

Nishanth Rodrigues, Chief Information Officer for Ole Miss and the head of the IT department, said, while there is no United States equivalent to the GDPR yet, the act has prompted internet users to examine who they give their information to more closely.

Sites like Amazon, Facebook, Twitter and Google earn revenue from the gathering and distribution of personal information, Rodrigues said. While these sites are free to use, they require the sacrifice of user information.

“Google lives on your data. If it doesn’t have access to your data, its revenue model breaks,” Rodrigues said. “Many other organizations are starting to follow that similar model, where they live on user data, and if they don’t have access to it, it affects their revenue.”

One of the major guidelines, he said, is not putting anything online that could have an adverse effect in the future. He added that, even if questionable material is deleted from a personal profile, the ability for others to access that information still exists.

Targeted ads, cookies and geofencing are just some of the ways companies attract users and learn about them as people. For example, if a man searched online for a new pair of sneakers, but chose not to buy a pair, he could then log into his social media profiles to find the page flooded with targeted ads and sponsored content relating to the shoes the man searched for.

“It’s a complex algorithm,” he said. “You can subvert your immediate identity, but through correlations, they can still find out who you are or at least the type of person you are.”  

Geofencing is another tool used by companies to determine consumer traits. For example, if someone downloaded an app for their favorite grocery store, they would receive coupon alerts on their phone when they are in the vicinity of the store.

Disabling location services is another tactic Rodrigues recommended. Disabling access to location services for companies that might publish and share that information, like Facebook, he said, is key. To that end, Rodrigues also said, if at all possible, to avoid using the same login information for every website. Many have the option to sign in through Facebook, but doing so gives Facebook the right to share your information across platforms.

Facebook, in particular, has recently rolled out new ways for its users to control what information they make available, but Rodrigues said those filters are often not enough.

“Just because they’re not showing me ads that don’t pertain to me, doesn’t mean they don’t have enough information to do it,” he said. “All that means is, I have a facade of impression that they don’t have enough data on me, when they actually do.”

Rodrigues said, overall, he thinks time will have to pass to judge the effectiveness of the GDPR and other privacy-preserving measures, but taking the above precautions is a good place to start.