Recently Australia’s hotly contested metadata retention scheme began having an impact on the lives of ordinary Australians.

Under the scheme, phone and internet companies must store information generated when their customers make phone calls, send text messages, or use the internet. This does not include the content of those calls or messages, but information like the data, time, source and destination of those communications.

Just a few weeks into their operation and there’s already been a breach, after Federal Police admitted accessing a journalist’s metadata without a warrant.

So what are my online privacy rights?

Australians do have a right to privacy under information privacy laws, however earlier this year a Federal Court decision narrowed this right.

These laws only protect “personal information”, which is data that can or does identify an individual, as explained by Swinburne lecturer Jake Goldenfein..

That definition does not take into account the fact that individual pieces of anonymous information might identify the user when examined collectively through a process called data linking.

This means there is possibility that the government, or potentially someone who wrongfully gains access to this data, could match each individual bit of data, in order to identify the user it belongs to.

It’s not just governments that are interested in people’s data. A number of companies have been criticised for harvesting their users data for advertising purposes. In 2015 Facebook app Most Used Worlds, which at the time had been used by more than 17 million people, was criticised for giving advertisers access to virtually all of its users’ Facebook data.

Even as the interest governments and companies have in an individual's online footprint becomes increasingly obvious, people are doing little to protect themselves. Harvard Business Review suggests even people who say they have concerns about information privacy engage in uncensored discussion, have a large digital footprint, and give a wide range of external apps access to their data.

Why should I care?

Graduate students at Stanford university, have been able to show that metadata collected from phone records could identify sensitive information about callers including medical conditions, financial and legal connections, as well as family, political, professional, religious and sexual associations.

As long as this information is being stored digitally, there is the possibility it could be accessed wrongfully and made accessible to the public. That’s what happened to the Australian Red Cross Blood Service. Last year it was forced to apologise when the details of 555,000 blood donors were leaked online in one of Australia’s largest data breaches.

The information that was leaked included name, address, contact information, blood type and donation history, as well as answers to sensitive questions like “In the last 12 months, have you engaged in at-risk sexual behaviour?”.

What can I do to protect my privacy online?

• Consider using a VPN (E.g Tunnel Bear)

• Read privacy policies

• See which apps you’ve given access to your social media accounts.

• On Facebook you can find this by clicking on the settings page and then selecting Apps.

• On iPhone review the Privacy section in the iOS settings app.

• Google: visit myaccount.google.com and check out the Manage your Google Activity section.