Recently, Facebook has allowed users to access the archive of personal data that was collected from their platform. 

I downloaded mine yesterday and it is disconcerting how much data is collected and how many companies have access to that data. 

It shouldn't really come as a surprise. When you are being provided a product or service for free you should clearly be on notice that you are not the client or customer. Much like commercial television, we are just a means to generate revenue.

However, unlike commercial tv networks, Facebook has developed sophisticated systems for understanding more about us. 

So, what happened when I downloaded my data?

Firstly, I learnt that hundreds of companies or groups had my information. This ranged from large multinational corporations to small indy musicians. 

Facebook also had a full extract of my contacts list. This was so up to date that it included the number of a Thai takeaway that I had only put in my phone the day before. 

Further information that Facebook has includes all your friends, including those you've deleted, all messages you've sent, a record of what ads you've clicked on and more. 

For most people I suspect the real concern will be around the amount of companies that have access to their data and how this was provided. There are a few ways but the most common are:

1. Buying your data from companies that specialise in the collection of and sale of social media data.

2. Using cookies and pixels in web browsers to track you.

3. By you providing them your information, perhaps unknowingly, like through a rewards program. 

Absolutely everything that Facebook has done here is perfectly legal. How they share your data is included in their policies that form their terms of use. 

That may change soon. 

In the European Union a General Data Protection Regulation (GDPR) will come into effect on 25 May.

Under the GDPR organisations are held to account for the personal data they hold. It also formalises a concept known as the "right to be forgotten" which has previously been held to exist by the European courts. 

There is no indication yet that the Australian government will implement anything similar to the GDPR. 

This will be a rapidly developing space in government regulation over the next few years though. I'd expect that in a few years time we will have a vastly different privacy regime than we currently do. 

All the above taken into account, Privacy Law is an increasingly complex regulatory area for all businesses. Even Australian businesses may need to comply with the GDPR to certain extents. 

So, the take out? Privacy may be dead but it could make a comeback soon.