One of the problems is that there is actually no right to privacy written into the Constitution, in the USA. I was actually kind of surprised to realize this, taking Constitutional Law classes in college. It is, however, implied from other rights, as interpreted by the Supreme Court in many, many decisions.
Still, sometimes the lack of an explicit description of this right leads to problems, I think.
I think that normal people have every right to expect their personal lives to not be interfered with or published without their explicit consent. And I think that criminals lack the same right. However, sometimes this gets into treating everybody as though they were a criminal (such as inspecting the baggage of random airline passengers, or installing devices to scan all email at an ISP for possible illegal activity), and the fact of the matter is that the vast majority of people are not criminals, and don’t deserve to be treated like one.
Every time I’m subjected to some violation of my privacy without my consent, I feel like the state or the organization thinks I’m a criminal, and that doesn’t help anybody–me, the state, or actual criminals. It even leads to non-criminal people standing up for the rights of criminals, because if everybody is treated with a single blanket rule or law, then I’m forced to defend criminals as well.
No, I think we could use a little more “innocent until proven guilty” and a little more general consideration of the privacy of individuals.
Of course, at the same time, I don’t think it’s necessary to get paranoid about all your personal information on the Internet. It’s quite handy for a site to remember my credit card number, for example.
To a certain degree, I trust the retailer–I don’t expect them to be criminal. When they’re criminally negligent about my privacy, then that’s the time to deal with it, unfortunately. Otherwise you’re going to treat organizations with the same sort of blanket “everybody’s a criminal” attitude that I wouldn’t want applied to individuals.
So in brief, I expect normal people to be honest, I expect organizations to be reasonable, and I expect criminals to be stopped.
I would say that in the large, the problem of personal information on the Internet is a problem of the criminal misuse of that information by criminal or negligent organizations, not the problem of whether or not I gave them the information in the first place.
And also, the problem is much more a human problem than a technological one.