Even though the concept of privacy should in theory be self-explanatory to everyone, it nevertheless remains one of the most controversial, underappreciated, and dangerously misunderstood topics within cybersecurity and the IT industry in general. While some individuals, non-profit organizations, and even governments still hold privacy as a sacred right of every person and are ready to fight for it using both legislation and technology, countless people seem to have stopped caring years ago.
You have zero privacy anyway. Get over it!
That, of course, is the famous quote from Scott McNealy, former CEO of Sun Microsystems, from 1999. Truly, the man was ahead of his time! But is privacy still relevant now, in 2025? Is it reasonable to continue mentioning it together with data protection? Let’s take a look, starting with a basic definition.
Privacy, at its core, is just a person’s right to be left alone. In a broader sense, it usually means the ability to have agency over one’s identity, activities, communications, and personal data. Unfortunately, people often have numerous misconceptions about the concept itself and its implications on their lives.
One of the often-heard claims is “I have nothing to hide, so I don’t need privacy”. However, privacy is not about hiding something illegal, but being able to decide who is allowed to see your activities at all. It also does not just include personal data like your address or credit card number, but also covers your location, behavior, communications, and other habits. Would you be comfortable if anyone could listen to your phone calls, photograph your kids, or browse through your bank transactions?
Another grave mistake is to assume that the existence of data protection regulations like GDPR guarantees your privacy. This cannot be further from the truth. Companies may still collect your personal data either under legal exceptions or through deceptive means – their gains can justify any potential non-compliance fine. Furthermore, not even every government values your privacy as much as it claims to.
Old Man Yells at Cloud
For example, the Investigatory Powers Act that just went into force in the UK gives the government the right to order any technology company to hand over access to encrypted data they are storing. This means that despite introducing their own version of EU GDPR earlier, the UK authorities can force any business to disclose their customers’ personal data just because “won’t somebody please think of the children”. Apple, a large international company, has already publicly defied these requirements and even discontinued their end-to-end data protection capabilities in the UK because they essentially just became illegal. Unfortunately, smaller companies based in the country itself have no such luxury.
Of course, one cannot talk about privacy and ignore the elephant in the room: Artificial Intelligence. The rapid emergence of AI assistants in just about every line of work has quickly undone years of educating users about security and privacy. Who cares about all this nonsense, when an AI model, which is running who knows where and controlled by who knows whom, can take over large parts of your job with minimal effort? Not only are people throwing their own personal data at AI service providers, but they are also more than happy to do it with the sensitive data of their customers, which is technically still very illegal.
Of course, the influence of AI does not end with mere convenience. We also hear a lot about AI-generated deepfakes and synthetic identities that enable new ways of fraud and social engineering. AI models are also much better than humans at inferring sensitive information about individuals, even using anonymized data sets.
Finally, the AI companies are scraping the entire internet in an effort to harvest more data to train their models on. Combined with the growing risks our current encryption technology is facing, we can conclude that our privacy has never been protected less than now. And the future does not look any more promising.
Can Privacy Still Sell?
Given that most private people no longer care about their privacy nearly enough to actively seek its protection, and that most organizations can gain so many benefits from unethical or plainly illegal collection of personal data, the new billion-dollar question for the entire data protection industry is: is it even still worth it? Can vendors win new customers and close bigger deals if they are offering better privacy protection in their products?
To be honest, I have no answer to this question. I do not even feel qualified enough to make educated guesses. What I do know, however, is that to answer this question properly, people from many different industries must get together and seek advice from real thought leaders. And I know one great place to find those…
This May, join us in Berlin at the European Identity and Cloud Conference 2025. Not only are you going to see me attending it for the 18th time, but also meet numerous experts, practitioners, and thought leaders getting together to discuss the most important identity-, security-, and privacy-related topics that will shape the industry for years to come.