This blog was first published in the Guernsey Press in September 2024. Bailiwick Data Protection Commissioner Brent Homan discusses how people increasingly value privacy while sharing more personal information than ever.
In today’s digital society you have undoubtedly heard, or pondered, the following: “Children these days share so much of their lives on the internet, they clearly don’t care about their Privacy!” or “why do folks give up their privacy to be chased by ads while shopping online?”
Such refrains have given rise to what some have called the “Privacy Paradox”, which can be described as follows:
While people say they care about privacy, their actions suggest otherwise as they quickly surrender their personal information online.
I have studied this with the Global Privacy Assembly and have concluded that there is no such thing as a “privacy paradox”. Just because people share their information doesn’t mean that they don’t care about their privacy.
Rather, I think the idea of a “privacy paradox” is partly rooted in a misunderstanding about what privacy actually means.
When people hear the word “privacy”, many incorrectly equate the term with “secrecy”.
But this is not the case – privacy, as it is viewed through the lens of data protection, is really about control over one’s personal information. And in a digital world where there has never been more information available relating to who we are, what we like, and how we live – control and autonomy over our personal information is indistinguishable from the exercise of freedom over our very selves. In its purest form personal freedom breeds unfettered choice. And this includes the right to decide what to share, or not share, about yourself.
To that end, you can value privacy and still click “yes” to share your location so that a food delivery app can get those pizzas on your table while they are still hot. And it is why individuals, including teens, who frequently share photos and stories on social media will also care deeply when their images or information are used for purposes that they did not expect or agree to – be it deep fakes or the targeting of personal ads.
They care because they have lost control and agency over their information, leading to a compromise of their freedoms and exposure to uninvited harms such as reputational damage and identity theft.
But hang on a minute. If we are truly honest with ourselves, when we are shopping or joining a new service online, we kinda know what happens when we arrive at that “terms and conditions” statement. Yep, we click. And have we read the statement and understood all that we are agreeing to? Probably not. I have personally been there.
We are busy people and we need to register for an event pronto or the spots will be gone. We are driven by the “get it done” mantra and may unknowingly be agreeing to receive marketing emails for all of eternity when we blindly click “agree”.
So that brings us back to the “Privacy Paradox” – how can we truly care about our privacy if we don’t even take the time to read and understand what is going to happen to our information when we click “yes”?
Well the answer to that question may lie in the voluminous terms of service that we encounter as consumers and the challenge of finding vital privacy information buried therein. According to the publication TechRadar, it would take almost 47 hours a month to meticulously read all those privacy statements and terms and conditions on the websites that we visit. Well suffice to say, "that ain’t happening".
So what if we turned the paradox around and approached it from a market failure perspective? Has getting the information you need for a service become so onerous and time-consuming that consumers simply give up and accept anything just to get through the process and use the service?
Interviewed as part of a privacy/competition study[1], the UK Competition and Markets Authority (CMA) suggested that the Privacy Paradox might really be a by-product of corporations’ lack of privacy engagement with individuals, as opposed to the expression of an individual preference (or lack thereof).
“In essence, it was proposed that many companies are choosing to do the bare minimum to comply with privacy regulations as opposed to meaningfully engage with their customers with respect to their privacy practices and options.”
Therein lies the solution to this paradox challenge - more simplified and comprehensible privacy communications. In essence, many data protection authorities have been calling on companies to tap into that massive talent-bank of ingenuity that they use for marketing services and find superior techniques to get individuals the privacy information they need, when they need it.
And there is cause for hope on this front, as some have embraced the challenge in the realization that respecting their customers’ privacy is the best way to earn trust. This is why you may be seeing more prompts for permission to access your camera, or address book, giving you the choice to say “yes” or “no” rather than finding out that your info has been accessed after the fact.
Companies are seeing the conversion of such positive “privacy transparency” measures into superior “customer loyalty” and it is hoped that others will follow suit.
At the end of the day, I am convinced that individuals care about their privacy more now, than at any other time in history. They thirst for the freedom and agency to control what happens to their information and who to share it with.
Quite ironically, this leaves the true privacy paradox being why organizations have been slow out of the gate to quench that thirst and reap the associated commercial rewards of customer loyalty and trust.
[1] Privacy and Data Protection as Factors in Competition Regulation, Digital Citizen and Consumer Working Group, Global Privacy Assembly, October 2021