I'm sure we've all read some of the zillion of articles, threads, posts, comments et al on the subject of PII (Personally Identifiable Information) especially in the past few years. Most, close to all, that I've read are technical, i.e. how best to meet some regulation such as GDPR (there are many many across the world's jurisdictions). Very few seem to be taking a high level thoughtful view of the intersection of the legal definitions (therein bounding it's scope) of privacy and it's historical and current realities.

In an article I find cogent and thought provoking, Maciej Ceglowski (owner of Pinboard) does just that with Ambient Privacy [idlewords.com].

In the eyes of regulators, privacy still means what it did in the eighteenth century—protecting specific categories of personal data, or communications between individuals, from unauthorized disclosure. Third parties that are given access to our personal data have a duty to protect it, and to the extent that they discharge this duty, they are respecting our privacy.

...

The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.

...

This requires us to talk about a different kind of privacy, one that we haven’t needed to give a name to before. For the purposes of this essay, I’ll call it ‘ambient privacy’—the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered. What we do at home, work, church, school, or in our leisure time does not belong in a permanent record. Not every conversation needs to be a deposition.

...

Ambient privacy is not a property of people, or of their data, but of the world around us. Just like you can’t drop out of the oil economy by refusing to drive a car, you can’t opt out of the surveillance economy by forswearing technology (and for many people, that choice is not an option). While there may be worthy reasons to take your life off the grid, the infrastructure will go up around you whether you use it or not.

Because our laws frame privacy as an individual right, we don’t have a mechanism for deciding whether we want to live in a surveillance society.

...

All of this leads me to see a parallel between privacy law and environmental law, another area where a technological shift forced us to protect a dwindling resource that earlier generations could take for granted.

The idea of passing laws to protect the natural world was not one that came naturally to early Americans. In their experience, the wilderness was something that hungry bears came out of, not an endangered resource that required lawyers to defend. Our mastery over nature was the very measure of our civilization.

There's much more to the piece than what I quoted above, please take the time to go and read. I've been quite content with meeting GDPR and ePrivacy (most/all others have similar or lessor requirements). And while the foundation of my mindset on Privacy is not greatly dissimilar to that in the article I have never actually articulated it, as most webdev's I was too busy chasing the technical aka putting cart before horse.

Granted, what I might do does not affect actual law in place, however I can certainly not inappropriately transgress. For the times they are a-changin'. Yet again. And I see yet another potential competitive advantage...