And there's no guarantee what is collected by the private sector will stay with the private sector. "The government has a huge number of tools to get data from private companies," said Chris Calabrese, senior policy director at the Center for Democracy and Technology. "That's obviously a very difficult situation for companies to be in."
Law-enforcement agencies are looking for even more ways to access private companies' data. Some social-networking sites have begun encrypting the data that's sent through their servers, prompting the FBI to ask companies to make their data available to the agency when asked.
"We suggest, and we are imploring, Congress to help us seek legal remedies towards that as well as asking the companies to provide technological solutions to help that," said Michael Steinbach, assistant director of the FBI's counterterrorism division, at a congressional hearing Wednesday. "Privacy above all other things, including safety and freedom from terrorism, is not where we want to go."
Still, comparing NSA spying and private-sector data-gathering is "a little bit apples to oranges," Calabrese said."There's real concerns around government overreach that have to do with our constitutional values and what we care about as a nation."
Unlike the private sector, Rottman said, "government can take your life or liberty."
When users sign onto Google or Facebook, they choose to give up their personal information in order to get valuable services from the companies, which sets up a dynamic fundamentally different from government surveillance.
But more often than not, Calabrese says, user consent is not enough to justify data collection, because of the lack of transparency in the process. "People aren't always aware of the amount of information being collected about them when they surf online," he said.
"People should be voting with their feet when companies aren't supporting the most aggressive privacy policies," Rottman said. But users are often not informed voters. "You can't vote with your feet unless you know you need to vote with your feet," said Rottman.
Although the Senate's attention has been caught up lately in the debate over government surveillance, legislation introduced earlier this year aimed to bolster data privacy by placing limits on the private sector.
Sen. Ed Markey, D-Mass., is behind two such bills this year. Along with Sen. Orrin Hatch, R-Utah, Markey reintroduced legislation last month that would place security requirements on companies that deal in student data and would forbid them from using student data for advertising.
Markey also reintroduced a more general bill in March aimed at improving the accuracy of personal information stored online. It would require "data brokers"—that is, companies that collect and sell personal data—to have a system by which users can verify that their information is correct and to allow users to choose not to make their data available for marketing.