In 2000, the US Federal Trade Commission was ready to act. Commissioners had studied how internet companies handled personal data. Their conclusion was blunt. Self-regulation had failed. They recommended federal legislation to protect online privacy.
Then September 11, 2001 happened. And everything changed.
Privacy legislation vanished overnight. The political conversation shifted entirely to security. As former Clinton privacy counselor Peter Swire later explained, “Congress lost interest in regulating information usage in the private sector.” In that vacuum, a new kind of capitalism quietly took root. One that would reshape the relationship between you and your technology forever.
What Is Surveillance Capitalism?
Surveillance capitalism is a term coined by Harvard professor Shoshana Zuboff to describe an economic system built on one core idea: your behavior is raw material.[1] [2] Every search you run, every app you open, every step your fitness tracker records. It all gets collected, analyzed, and turned into predictions about what you’ll do next.
Those predictions get sold. That’s the business.
You’re Not the Customer, You’re the Supply
Here’s the part most people miss. When you use a “free” app, you’re not the customer. You’re the supply chain. Your behavior generates what Zuboff calls behavioral surplus.[1] That’s the data left over after a service gives you what you asked for.
- You search for a recipe. Google gives you the recipe. That’s the service.
- But Google also records what you searched, when, where you were, what device you used, and what you clicked next. That’s the surplus.
- That surplus gets fed into machine learning systems that predict your future behavior.
- Those predictions are packaged and sold to advertisers. That’s the product.
Google didn’t invent this model on day one. The breakthrough came around 2001 with AdWords, which figured out how to turn behavioral surplus into targeted advertising gold.[1] The entire business model depends on capturing and selling your attention. By 2016, 89 percent of Google’s parent company Alphabet’s revenue came from targeted advertising programs. Facebook followed the same playbook after hiring Sheryl Sandberg from Google in 2008 to replicate the model.[1]
Recent scholarship frames surveillance capitalism as a geopolitical system with institutional scaffolding. It’s grounded in regulation (or its absence), legitimized by economic theory, promoted by trade rules, and protected by powerful states.[3] Daniel J. Solove’s 2025 research warns that this system doesn’t just threaten privacy. It can empower authoritarian governments by creating infrastructure that makes mass surveillance cheap and easy.[3]
“We have better information than anyone else. We know gender, age, location, and it’s real data as opposed to the stuff other people infer.” - Sheryl Sandberg
Recommended read: The Age of Surveillance Capitalism by Shoshana Zuboff. The definitive account of how tech companies turned human experience into free raw material for profit.
Your Body Is Being Tracked, Right Now
Surveillance capitalism didn’t stop at your search history. It moved into your body. Your fitness tracker, your health apps, your smart watch. They all feed the same machine. The Internet of Things has amplified this dramatically, as everyday devices from smartphones to smart home appliances now collect and transmit personal data about your daily habits and preferences. All that data feeds the algorithms that keep you scrolling. And the science now confirms that brain rot from that scrolling is measurably real.
Fitness Trackers and the Data They Actually Collect
A research team studied popular fitness trackers and found something alarming.[4] The trackers were transmitting far more data than they needed to function:
- Device identification numbers that could link your fitness data to your specific phone
- Precise GPS coordinates transmitted passively and continuously
- Bluetooth MAC addresses that let any nearby third party track your movements
- None of this data was necessary for the tracker to actually work
The researchers concluded that consumers “overestimate the extent of security measures and underestimate the breadth of personal data collected by fitness tracking companies.”[5] Of the nine trackers studied, only Apple randomly generated new MAC addresses to protect users.[4]
Health Apps Are Even Worse
Think fitness trackers are bad? A study published in the Journal of American Medicine examined 211 diabetes apps.[6] What they found was staggering.
| What the App Does Behind the Scenes | Percentage of Apps |
|---|---|
| Modifies or deletes your information | 64% |
| Reads your phone status and identity | 31% |
| Gathers your location data | 27% |
| Views your Wi-Fi connections | 12% |
| Activates your camera | 11% |
| Reads your contact lists or call log | 4-6% |
| Activates your microphone to record you | 4-6% |
Here’s the kicker. Of 211 apps, 81 percent had no privacy policy at all. Of those without policies, 76 percent shared your sensitive health data with third parties. Of those that did have privacy policies, 79 percent still shared your data. Only about half admitted it.[6]
Zuboff suggests we should stop calling them “privacy policies” and start calling them what they really are. Surveillance policies.[1]
The Wearable Future
The data grab is accelerating. Google has developed internet-enabled fabrics with sensors woven directly into clothing. Researchers are developing electronics that attach to skin as tattoos. Fingernails and wrists are becoming computational interfaces.[1] Wearables capture “contextual activity, health, and emotional state” data that can be used to tailor products and marketing messages “to a very high degree.”[1] Research suggests that living under constant monitoring actually rewires your brain, making you more anxious and self-censoring over time.
Recommended read: Mindmasters by Sandra Matz. How big data reveals the most intimate details of your psychology and enables others to influence your choices.
How Your Personality Gets Weaponized
Collecting your data is only step one. The real power comes from what companies do with it. They build a psychological profile of you. Then they use it to predict and change your behavior.
IBM’s Personality Machine
In 2015, IBM opened its Watson Personality Service for business.[1] The system goes far beyond basic demographics. It assesses each individual across:
- Five personality factors (openness, conscientiousness, extraversion, agreeableness, neuroticism)
- Twelve categories of needs including excitement, curiosity, closeness, liberty, love, and stability
- Five value dimensions covering self-transcendence, tradition, hedonism, achievement, and openness to change
The system promises “limitless” applications. Customer service agents see your personality data displayed at the exact moment they contact you. Marketing messages get matched to your psychological profile. People rated as moral, trusting, and agreeable are targeted first because they’re more likely to respond.
Think about that for a moment. The qualities most of us try to teach our children. Kindness. Trust. Openness. These are being repurposed as vulnerabilities for profit.
Cambridge Analytica and the Prediction Arms Race
Researcher Michal Kosinski developed methods to predict personality from digital footprints.[7] He later admitted his own work was “pretty creepy” and stressed that many things “one can do should certainly not be done by corporations or governments without users’ consent.”
But once the methods exist, the market finds suppliers. Cambridge Analytica used similar techniques to build voter profiles and influence elections. These personality profiles became the perfect ammunition for propaganda campaigns delivered through social media. IBM, Facebook, and countless smaller firms all joined what Zuboff calls the “prediction imperative.”[1] The race to know you better than you know yourself.
“All of our interactions are being mediated through digital products and services, which basically means that everything is being recorded.” - Michal Kosinski
Recommended read: The Chaos Machine by Max Fisher. How social media algorithms prey on psychological frailties and drive users toward extreme behavior.
The Privacy Laws Are Finally Catching Up
For two decades, surveillance capitalism grew without meaningful legal constraints. That’s starting to change. But the progress is slower and messier than it should be.
The State-by-State Patchwork
As of 2026, twenty US states have comprehensive privacy laws in effect. Indiana, Kentucky, and Rhode Island joined the landscape in 2026, each largely mirroring the template set by Virginia’s Consumer Data Protection Act. Rhode Island’s law stands out with notably low applicability thresholds. It covers entities that control or process data of at least 35,000 consumers, or 10,000 consumers if more than 20 percent of revenue comes from selling personal data.
Key 2026 changes across states include:
- Expanded sensitive-data definitions that now cover neural data in some jurisdictions
- Youth-specific protections with age-appropriate design requirements (Connecticut, Arkansas)
- Geolocation restrictions limiting how precisely companies can track your movements
- Universal opt-out mandates requiring companies to honor Global Privacy Control (GPC) signals in California, Colorado, Connecticut, and Oregon
- New consent UX expectations that make it harder to bury tracking permissions in confusing interfaces
California expanded its data broker registration requirements, mandating more detailed disclosures and streamlined deletion request processing. It also enacted new consumer health data privacy protections.
GDPR Shows What’s Possible
The European Union’s General Data Protection Regulation has accumulated 5.88 billion euros in fines since 2018.[8] [9] EU data protection authorities remained active in enforcement, particularly regarding transparency, lawful bases for processing, and cross-border data transfers.[9]
The EU introduced its Digital Omnibus package, proposing targeted amendments to GDPR and related regulations. Changes aim to simplify compliance, enable AI innovation, and streamline breach reporting, with the legislative process extending into 2026 and implementation likely starting in late 2027.
What’s Still Missing
Despite the progress, there’s still no comprehensive federal privacy law in the US. The FTC continues to bring enforcement actions under its unfair and deceptive practices authority, with particular attention to sensitive data, biometric information, children’s data, and artificial intelligence. But enforcement through existing authority is a patch, not a solution.
| Privacy Protection | US Approach | EU Approach |
|---|---|---|
| Federal law | None | GDPR (since 2018) |
| State laws | 20 states (patchwork) | Unified across 27 countries |
| Enforcement fines | Limited, case-by-case | 5.88 billion euros and counting |
| Right to deletion | Available in some states | Universal right |
| Opt-out mechanism | GPC mandated in 4 states | Opt-in consent required by default |
Recommended read: Means of Control by Byron Tau. The hidden alliance between tech companies and government that built America’s modern surveillance state.
How to Take Back Some Control
You can’t opt out of surveillance capitalism entirely. But you can reduce your exposure and make more informed choices.
-
Read what you’re agreeing to. Most people skip privacy policies. That’s by design. They’re deliberately long and confusing. But checking app permissions before installing can reveal a lot. Does a flashlight app really need your contacts?
-
Audit your app permissions. Go through your phone settings right now. Revoke location access, microphone access, and camera access for any app that doesn’t genuinely need it. Pay special attention to health and fitness apps.
-
Enable Global Privacy Control. In 2026, GPC is legally mandated in California, Colorado, Connecticut, and Oregon. Browsers like Firefox and Brave support it natively. Once enabled, it automatically sends opt-out signals to every website you visit.
-
Use privacy-focused alternatives. Switch to browsers like Firefox or Brave. Use search engines like DuckDuckGo. Choose messaging apps with end-to-end encryption. Every switch reduces the surplus you generate. It also helps break the dopamine loops that apps use to keep you scrolling.
-
Disable ad tracking. Both iPhone and Android have settings to limit ad tracking. On iPhone, go to Settings, Privacy, Tracking, and turn off “Allow Apps to Request to Track.” On Android, go to Settings, Privacy, Ads, and delete your advertising ID.
-
Support privacy legislation. Individual action matters, but systemic change requires law. The fact that twenty states now have privacy laws shows momentum is building. Support organizations fighting for digital privacy rights. Vote for candidates who take data protection seriously.
The system thrives on your ignorance. The less you know about how it works, the more valuable you become. But awareness is the first crack in the wall. And walls can fall. As Zuboff reminds us, the Berlin Wall came down because people said “no more.”
Your data is yours. Start acting like it.
Recommended read: Stolen Focus by Johann Hari. Why our attention spans are collapsing and who profits from the destruction of our ability to focus.
Sources
What Is Surveillance Capitalism?
2. Harvard Professor Says Surveillance Capitalism Is Undermining Democracy (Harvard Gazette, 2019)
Your Body Is Being Tracked, Right Now
6. Privacy Policies of Android Diabetes Apps and Sharing of Health Information (JAMA, 2016)
How Your Personality Gets Weaponized
7. Private Traits and Attributes Are Predictable from Digital Records of Human Behavior (PNAS, 2013)
The Privacy Laws Are Finally Catching Up
8. GDPR Enforcement Tracker Report: Numbers and Figures (CMS Law, 2024)
9. DLA Piper GDPR Fines and Data Breach Survey: January 2025 (DLA Piper)
