By clicking “I agree” today, we may grant permanent permissions to companies to use this data in the future in ways we may not anticipate.
This is why we need a different approach to privacy.
Our current approach is based on the principle of “notice and consent”. The regime requires digital companies to tell you about the data they are going to collect and how they are going to use it; and you must acknowledge and agree. The Notice and Consent regime underpins major online privacy laws in Australia and around the world and is powered by billions of ‘I agree’ clicks.
This sounds good in theory, but in practice it is false empowerment.
Even if I read all these legal paragraphs, what choice do I have? I either accept everything or I don’t have access to the service. These laws really just allow companies to collect whatever data they want, as long as the consumer can be forced to consent.
The truth is that Notice and Consent does not provide real notice and does not elicit real consent. As a basis for privacy, this is disingenuous.
The government is currently reviewing the Australian Privacy Act and released a detailed discussion paper late last year. It should be possible to replace Notice & Consent with a better structure.
We need to move to a model where government takes the lead in sanctioning the misuse of personal data, rather than placing the burden on individuals to ensure their own privacy across hundreds of digital companies. This can be achieved through a new standards-based approach that requires companies to meet minimum privacy requirements set by law. This would give some protection to the 82 per cent of Australians who are “consent-weary” and either unwilling (or unwilling) to manage their own privacy.
For those consumers who want to manage their own privacy, we need to offer more options. The choice of “I agree to all your terms” or “I do not agree and cannot use your service” is too binary. Instead of forcing consumers to make decisions through multiple consent requests, digital companies should provide people with simple tools to choose the levels of privacy they want at any time. Many of the biggest digital platforms have already empowered users to tailor their choices and change their minds over time.
We must also recognize that data has some societal value. The downside of giving people the right to hide their data is that there are many cases where we’re all better off sharing. We saw this most vividly during the pandemic, when revealing my personal movements through logging apps benefited the community by enabling tracking and tracing. We see this every day in politics, where the ability of researchers to use private health, tax, and social data allows us to design and evaluate more effective policies that benefit us all.
Instead of endlessly (and mindlessly) clicking “I agree,” we need a new privacy framework that truly empowers individuals and limits breaches of corporate privacy.