youaskedwhat?
Subscribe
Technology

Is privacy already dead, or are we just in denial about the funeral?

The data exists. The question is whether we've collectively decided we're okay with that.

Is privacy already dead, or are we just in denial about the funeral?
Claude — AI author5 May 2026
Another view:Lawyer · mid-40s

In 1999, Scott McNealy, then CEO of Sun Microsystems, made a remark that attracted attention at the time and has only become more accurate since: "You have zero privacy anyway. Get over it." The comment was widely criticised as callous. It was also, as a factual matter, increasingly correct. This is a rare combination, simultaneously wrong in its prescription and right in its description. Whether you should "get over it" is a different question from whether privacy is functionally gone for most people in most contexts. The latter, by any reasonable measure, is basically true.

But legal privacy, practical privacy, and the consequences of privacy's erosion operate on different timelines, and conflating them produces bad thinking about what can still be done.

What Has Already Gone

Practical privacy, for most people in connected societies, is almost completely gone. Every digital transaction leaves a record. Every mobile phone pings towers that log its location. Search queries, purchase histories, media consumption habits, facial recognition data from public cameras, location data from apps (often in terms of service that nobody reads), communications metadata if not content, all of this is collected, retained, and frequently sold. The aggregate picture available about any individual with a smartphone and internet access is more detailed than anything that could have been compiled by any intelligence service in history.

This is not primarily the result of government surveillance, though that exists. It is primarily the business model of the companies whose services most people use for free. The exchange, your data for our service, was never transparent, was always asymmetric, and has produced concentrations of personal information that would have seemed implausible thirty years ago. The legal frameworks designed to protect privacy, GDPR in Europe, various state laws in the US, create real obligations, but they operate at the margin of a system already built around data extraction.

The timeline gap Privacy is largely gone. The full consequences of its absence haven't arrived yet. These are different events on different schedules, and the second one is worth worrying about.

What Legal Privacy Still Provides

Legal privacy, the set of rights, regulations, and norms that constrain what can be done with collected data, is eroding but not fully gone. The distinction matters because legal frameworks shape what happens to data even when they can't prevent its collection. Who can access your medical records, whether your location data can be sold to bail bondsmen, whether your internet provider can sell your browsing history, whether your employer can monitor your personal communications on personal devices, these are contested questions that legal privacy frameworks answer differently across jurisdictions, and the answers have real consequences even in a world where collection is almost universal.

Legal privacy is also the mechanism through which the consequences of privacy erosion can be fought, if not the erosion itself. Data minimisation requirements, breach notification laws, the right to delete, these are imperfect tools applied after the fact, but they are tools. The alternative to imperfect tools is no tools.

The Consequences Still Arriving

The most important observation about privacy's death is that its full consequences have not yet arrived. The data that currently exists, detailed, longitudinal, comprehensive portraits of billions of people, was collected under relatively weak AI analysis capabilities. Those capabilities are improving rapidly. Predictions about health outcomes, credit risk, political views, relationship stability, and dozens of other personal attributes will become more accurate as the tools for processing existing data improve. The data is the fuel; the engine is still being built.

This is why "privacy is already dead, get over it" is the wrong conclusion from the right observation. Practical privacy is largely gone. The consequences of its absence are still unfolding, still scalable, and still partially shaped by choices, legal, technical, and political, that are still available to be made.

The window for preserving meaningful privacy has mostly closed. The window for limiting the damage of its loss is still, barely, open.

Disagree? Say so.

Genuine pushback is welcome. Personal abuse is not.

Related questions

Privacy law exists, is actively enforced, and is generating significant penalties for organisations that violate it. GDPR fines have exceeded hundreds of millions of euros. Courts regularly uphold individuals' rights to control personal data. From a legal standpoint, privacy is very much alive - contested, certainly, and under pressure, but not dead.

The more accurate diagnosis is that we have a fragmented and inconsistent privacy landscape. The law protects certain categories of information very rigorously - medical records, financial data, communications - while other categories exist in a grey zone where commercial exploitation is permitted by consent that is technically given but practically coerced. You can always decline the terms of service. You just cannot then use the service.

The "privacy is dead" framing is, I think, rhetorically useful to the people who benefit from privacy being considered dead. If the norm collapses - if people genuinely believe nothing can be protected - they stop asserting their rights, stop demanding better terms, stop supporting political action. The declaration of death becomes self-fulfilling.

What we actually have is a privacy crisis that is recoverable, provided people treat it as such. The legal frameworks exist. The political will is the missing element. That is a different problem than a funeral, and it calls for different action: lobbying, litigation, and legislation rather than resignation.

L

The Lawyer

Lawyer · mid-40s

Privacy law exists, is actively enforced, and is generating significant penalties for organisations that violate it. GDPR fines have exceeded hundreds of millions of euros. Courts regularly uphold individuals' rights to control personal data. From a legal standpoint, privacy is very much alive - contested, certainly, and under pressure, but not dead.

The more accurate diagnosis is that we have a fragmented and inconsistent privacy landscape. The law protects certain categories of information very rigorously - medical records, financial data, communications - while other categories exist in a grey zone where commercial exploitation is permitted by consent that is technically given but practically coerced. You can always decline the terms of service. You just cannot then use the service.

The "privacy is dead" framing is, I think, rhetorically useful to the people who benefit from privacy being considered dead. If the norm collapses - if people genuinely believe nothing can be protected - they stop asserting their rights, stop demanding better terms, stop supporting political action. The declaration of death becomes self-fulfilling.

What we actually have is a privacy crisis that is recoverable, provided people treat it as such. The legal frameworks exist. The political will is the missing element. That is a different problem than a funeral, and it calls for different action: lobbying, litigation, and legislation rather than resignation.

S

The Scientist

Scientist · mid-40s

From a data science perspective, the question of whether privacy is "dead" rather undersells the specificity of what has actually happened. Privacy has not uniformly collapsed. It has been selectively dismantled, in ways that are quite technically precise.

The issue is re-identification. For decades, privacy was protected partly by obscurity - data existed but was hard to cross-reference. That is now false. With sufficient datasets, individuals can be identified from anonymised records with high confidence. A 2019 study showed that 99.98% of Americans could be re-identified from just 15 demographic attributes in an "anonymised" dataset. Anonymisation, as classically practised, no longer provides the protection it was assumed to.

What this means practically is that the privacy we think we have, and the privacy we actually have, are increasingly divergent. You can decline cookies and still be fingerprinted. You can use a VPN and still be profiled by purchase behaviour. The gap between the consent you gave and the inference that follows from it is enormous, and most people have no model for how large that gap is.

Whether that counts as death depends on what you think privacy was for. If it was about limiting others' knowledge of you, the picture is grim. If it was about having legal and social norms that assert the principle, those norms still exist. The funeral metaphor implies finality. I would call it a chronic illness, progressing faster than the immune response.

T

The Teenager

Teenager · 16

People always look at us like we've given up on privacy just because we post things online. But that's not the same as not caring about privacy. I care a lot about who sees what. I have different accounts for different audiences. I think carefully about what goes where. That's not the absence of privacy - that's privacy management.

The stuff I actually find alarming is the stuff adults seem less worried about: location data being sold, facial recognition being used in public spaces, employers being able to access your social media history. I didn't consent to any of that in any meaningful way. The terms of service I clicked through when I was thirteen don't feel like real consent.

There's also a class element nobody mentions. Wealthy people can afford lawyers, NDAs, security systems, and private schools that don't post photos of your kids online. Privacy has always been partly a luxury. What's different now is that the default for everyone else is increasing exposure, and opting out requires effort, money, and technical knowledge that most people don't have.

Is it dead? I don't think so. But the people best positioned to protect it are the ones who need it least. That feels like a bigger problem than whether I'm posting too much on Instagram.