I think what happened is that judges made a wrong decision early on. They said as long as Facebook or a website you’re visiting gives consent to take your personal data you don’t have to be asked for permission. I think that’s completely wrong. They misinterpreted the law. They should’ve protected privacy. Privacy is a fundamental value under our Constitution. Websites say, ‘You agreed to give it up.’ But is it likely we’d allow Facebook to say, ‘To use us you have to give up your right to vote or to have children’? What I’m trying to do is get our online rights in tune with the rights we have offline.Q. What’s the best way to protect ourselves online?

I’m in favor of an “opt-in” solution: They can’t do anything unless I actually request it. We could push for something like the Fair Credit Reporting Act. If I’m denied credit I’m entitled to know the reason and to correct inaccurate information. We should have these rights here, too. ... What astonished me doing research for this book was that with new technologies people initially said privacy was dead. But the courts have started to expand our privacy rights. The Federal Trade Commission is considering a “do not track” list sort of like the “do not call” list. Under that data aggregators can’t secretly follow you across the web unless you say it’s OK. It’s up to you to decide. ... There’s also an interesting move in Congress to protect minors from data being used against them, to protect kids when they reach the age of 18 so their lives won’t be over just because they liked a violent video when they were 14. When that gets passed, you’ll see adults say, “Why don’t I have the same right?”