Striking a Balance: Can We Preserve Privacy Amidst the Privacy Paradox?
Is there any way regulations or specific tools help improve users’ privacy behavior?
- Despite having a healthy (though declining) privacy awareness, there lies a gap in users’ privacy attitudes and behavior.
- Known as the privacy paradox, this wedge between knowing what’s safe and still acting to the contrary is eroding user privacy.
- Can regulations or specific tools help improve users’ privacy behavior?
The world’s privacy awareness is on the decline. According to NordVPN’s National Privacy Test, 61% of respondents have good digital habits, digital privacy awareness, and digital risk tolerance compared to 64% in 2022 and 66% in 2021.
The importance of shielding what we share online cannot be understated. More often than not, individuals must submit their personal details, such as full names, addresses, and mobile numbers, on electronic communication environments for several services.
However, despite having a healthy (though declining) privacy awareness, there lies a gap in users’ privacy attitudes and behavior. For instance, individuals underestimate the importance of reading terms of service and agree to share data by signing the End-User License Agreement, possibly at the expense of future impact on privacy.
The Privacy Paradox
Several research papers over the years have concluded the existence of the privacy paradox. Privacy paradox is documented as users’ tendency towards acting in privacy-compromising behavior online, “which eventually results in a dichotomy between privacy attitudes and actual behavior,” noted Susanne Barth and Menno D.T. de Jong from the University of Twente in their paper.
While risk perception may infer privacy protection knowledge, it may not necessarily motivate users to execute them strategically. Dr. Martin J. Kraemer, a security awareness advocate at KnowBe4, told Spiceworks, “It’s the difference between knowing what is good for me and doing what is good for me.”
“I know more sport is better, but sometimes that deep-fried-mars bar and a can of coke are just too appealing. That is to say that we sometimes become slackers in doing the right thing and sometimes are unaware of what the right thing is. The same goes for privacy.”
Kraemer highlighted the importance of not signing up for an AI service for something as important as taxes. Convenience often trumps common sense and knowledge that the AI service could share user data, though there’s a possibility that users are unaware of the consequences of sharing data. “We had to learn about tracking cookies before we started using ad blockers. Data aggregation and inference is still a black box to many users,” Kraemer said.
Dan Pinto, CEO and co-founder of Fingerprint, explained to Spiceworks that privacy paradox is also a function of cybersecurity, specifically in the identification of legitimate users vs. malicious ones. On one hand, greater privacy reduces the risk of data theft and identity theft. On the other hand, doing away with website cookies and other tracking mechanisms for browser privacy can stump developers in differentiating between legitimate and malicious users and bots.
“Browser restrictions often lead developers to lean on tools that create friction in the overarching user experience, including multi-factor authentication methods. It also increases the cost of building and maintaining applications, which is a cost that’s often passed to users,” Pinto said.
“From a science perspective, you cannot be too sure there is an actual paradox. The research is highly controversial and, since the paradox was first identified, has moved on to more sophisticated behavioral models. For example, our intentions might be moderated by emotions or values, not allowing us to act true to them. Some researchers have gone so far as to claim that the paradox does not exist from a scientific perspective. However, because we don’t live in lab environments where we can make perfect choices, but we are constrained by our environments and what service providers offer us, we often must compromise. This behavior appears different from an initially expressed attitude, but it only appears paradoxical, where given the circumstances and taking all options into account, it really isn’t.” – Dr. Martin J. Kraemer.
For instance, 95% of U.S. citizens know how to create a strong password, 92% of respondents are aware of the risks of sharing personal information like location on social media platforms, 88% know the risk of saving credit card details in web browsers, and 94% are suspicious of fraudulent streaming services on eBay.
Still, only 3% of U.S. respondents know and leverage online tools for digital privacy protection, while 13% know what internet service providers collect as part of the metadata. 85% don’t know how to secure home WiFi networks, 68% can’t identify a phishing website, and 64% are unaware of the importance of reading the terms and conditions of a service.
Additionally, 44% of U.S. respondents do not update their apps as soon as an update is available. Yet, U.S. respondents may be oversharing information with apps, NordVPN noted. American respondents said they allow apps to access more data than necessary.
See More: How to Turn Data Privacy Week into Data Privacy All Year
Is the Free Service Model To Blame?
Users are often offered free services in exchange for information. And since the privacy paradox exists, users may not necessarily shed the free service model for a paid one if it means they wouldn’t have to hand over their personal data.
“Given how things have progressed so far, it seems difficult to imagine that users would decide to pay for products. That is despite famous quotes such as ‘You are the product’ or ‘There is no free lunch,’ Kraemer said. “It seems unlikely that there will be a profound change without forcing service providers to change business models. Because data fuels AI and AI is where the money is, companies are unlikely to stop collecting any data they can get their hands on.”
While free certainly is a “strong motivator,” as Roger Grimes, data-driven defense evangelist at KnowBe4, puts it, there are some free apps, such as WhatsApp, Signal, Duck Duck Go, etc., that protect people’s privacy.
While policy interventions, including a fully decentralized internet and forming data unions, are yet to find firm ground, Kraemer believes tightening regulations for new technological developments, such as the European Union’s AI Act, is the way to go.
AI technologies can be leveraged to influence polity and user behavior, among other things. “There is a very real threat to our democratic societies. By giving up more data and being exposed to automated decision-making based on that data, we gradually give away our ability to make free choices, form opinions, and act accordingly,” Kraemer said.
“Algorithms will be able to sway opinions and influence us in other ways (see past US elections and interference, i.e., Cambridge Analytica scandal). Therefore, legislators must help people help themselves to protect democracy. The unregulated use and spread of data have the potential to send further shock waves through our democratic systems, as they contribute to taking away people’s agency. That agency is required for democratic participation.”
See More: How Synthetic Documents Can Abate Data Privacy Concerns
How Can Users Improve Their Privacy Behavior?
The best users can do is employ technical measures such as ad blockers, password managers, VPNs, and more, according to Kraemer. Users can also rely on alternative products and services. “As of now, users must compromise,” Kraemer said.
Regulations like GDPR and CCPA certainly can help. Kraemer pointed out how GDPR enables individuals to exercise control over data and rights such as the right to the erasure of data, the right to data transportability, or the right to the correctness of data.
However, they can and do fall short of instituting a privacy-by-design culture in development. Moreover, Kraemer explained that “privacy laws are generally important to balance private with public interest.”
Furthermore, privacy can also be considered an individual undertaking while a holistic approach becomes mainstream. “Each user should take the time to educate themselves about privacy issues and protections and adopt a standard, consistent way of dealing with their privacy,” Grimes added.
“How they handle privacy should be thoughtful and with decisions made ahead of time so that when the need arises in real-time to make a privacy decision, they already know how they feel and what their decision will be.”
The problem here is privacy fatigue. DataGrail’s The Privacy and Ecommerce Report 2022 discovered that 34% of users are overwhelmed with managing their online privacy. In this regard, transparency-enhancing tools can help, although they pose certain limitations. “Transparency-enhancing tools are great for fostering informed decision-making, allowing users to align their intentions better with their behavior,” Kraemer added.
“As users, we are often unaware of the consequences of our decision-making; for example, we cannot anticipate or see where data that we share is transferred. Research shows that creating transparency over data flows can influence user’s data-sharing practices. If we see that data is frequently shared with a Chinese advertising service, we might be less inclined to use a certain product.”
“Transparency is, however, not enough. If people are not enabled to make the better choice, then transparency leads to disempowerment and resignation. Only if there is a possibility to change the course of events, e.g., to stop a certain data flow, does transparency work. Without a possible action, there is no real agency for users.”
How can the government, private and public organizations, and individual users ensure greater privacy? Share your thoughts on LinkedIn, X (Twitter), or Facebook. We’d love to hear from you!
Image source: Shutterstock
MORE ON PRIVACY
- Privacy Sandbox: Envisioning Advertising After Google Kills off Third-Party Cookies
- The Value of Worker Data: Ethical Considerations and Competitive Advantage
- Big Tech Using an Army of Lobbyists to Defang Privacy Laws, Claims New Report
- Developing a Health App? Here’s How to Focus on Privacy
- How Radical Data Privacy Fuels Growth
