Max Schrems is no luddite. The law student was savvy enough to know that, if he requested it, Facebook would have to release all of the data it has collected on him since he joined. Even he, though, was taken aback by the amount of information Mark Zuckerberg's social network had on him.
When his report came back – all 1,200 pages of data – he saw details of friend requests he had ignored; people he had "defriended" and even items he had deleted from his account.
Yet everything in his file was information he had voluntarily given. His experience mirrors not only those of Facebook's estimated 900 million users, but those of everyone who has ever googled something, entered personal information into a website or – to some extent – even loaded a web page.
Today's headlines on the Government's so-called "snooper's charter" are about new powers for the police. But companies have been using internet users' data for good and bad for years. Google and Facebook are probably the most notable examples of sites that feed off the data their users give them. Both have targeted advertising. For those adverts to be worth the pixels they are printed on, they need users' information.
Those examples of pieces of information users routinely hand over, put alongside all of the data users volunteer while using a site, allow people to build up online profiles and to extrapolate what users might be interested in.
"One of the things if you look at any social-networking site, is that there are ways to slice and dice the information which is disclosed and what is done with it," David Enn, of the Russian online security firm Kaspersky Lab, said. "But, in many cases, you have to look very deep to work out how to configure it in that way."
Google, one of the highest-profile sites when it comes to data collection, is also one of the most transparent about how it uses that information. It has a section on its site where users can go to learn about how to manage which information they hand over and, by not signing in, they can remain anonymous.
Former chief executive Eric Schmidt, left, talked last year of building a "serendipity engine" to go beyond simply returning bland results to searches and inspire users to visit sites they had not even thought of. That requires a lot of personal data.
"Services like Facebook or Google already have an astonishing amount of information about most people," James Lyne, of the security firm Sophos, said.
- More about: