Abstract: Disclosure of the NSA’s PRISM program demonstrated that Internet companies have become prime targets of government surveillance. But what role do companies themselves play in putting users’ privacy at risk? By comparing the changes in the privacy policies of ten companies—the nine in PRISM plus Twitter—I seek to understand how users’ privacy shifted. Specifically, I study how company practices surrounding the life cycle of user information (e.g. collection, use, sharing, and retention) shifted between the times when companies joined PRISM and when PRISM news broke. A qualitative analysis of the changes in the privacy policies suggests that company disclosure of tracking for advertising purposes increased. I draw on business scholar Shoshana Zuboff’s conceptualization of “surveillance capitalism” and legal scholar Joel Reidenberg’s “transparent citizen” to explain the implications such changes hold for users’ privacy. These findings underscore why public debates about post-Snowden privacy rights cannot ignore the role that companies play in legitimizing surveillance activities under the auspices of creating market value.