With the rapid development of the internet, our privacy is becoming increasingly delicate and increasingly concerning. But let’s be honest, when was the last time you actually read a privacy policy from start to finish? Don’t kid yourself—it’s never happened. Every time that “I agree” button pops up, we click it without a second thought, as if it were a ticket to a free app. But have you ever stopped to consider that this button is, in fact, a contract you’ve never even read? And the people on the other side of that contract are quietly turning your daily life into a commodity.
Imagine this situation: you’ve just been chatting with a friend about buying a pair of running shoes. As soon as you open your phone, a relevant advertisement pops up, as if it knew exactly what you were thinking. Your heart skips a beat, but then you tell yourself—it’s probably just a coincidence, isn’t it? No, it’s not a coincidence. Your phone has been listening all along; your data has been sold all along; and you, well, you signed that “consent form” a long time ago.
Why “I agree”is a joke
In our daily use of the internet, our privacy appears to be respected—after all, we are required to sign terms of service and privacy policies every time we register. Yet the truth is precisely the opposite. Suzor (2019) puts it succinctly: legally speaking, terms of service are merely consumer contracts, not constitutional guarantees. Users have no “rights”, only “permissions”. Platforms can terminate your access at any time and for any reason. This is the so-called “notice and consent” mechanism—one that, by its very design, makes it impossible for you to give genuine consent.
It is no coincidence that hardly anyone reads these terms and conditions. They are usually written in dense legal jargon, and you have no opportunity to negotiate. Platforms are careful to make almost no promises, whilst reserving almost all decision-making power for themselves (Suzor, 2019). Tech companies love to say, “We respect your choice.” But what choice do you really have? Either you agree to let them collect all your data and use the app for free, or you refuse—in which case, sorry, you can’t even open the app. Is that a choice? It’s like walking into a hotel where the room has only one door, with a sign on it reading “By entering, you agree to be monitored”, whilst the receptionist smiles and says, “You can choose not to stay.”
But the problem doesn’t end there. To understand why the “Agree” button doesn’t protect us, we need to look at it from a different perspective.
Nissenbaum (2018, p. 839) puts forward a key argument. What truly infringes upon our privacy is not the technology itself, but rather the technologies, systems and practices that lead to the inappropriate circulation of personal information. In other words, our anxiety about privacy stems not from a perceived “loss of control”, but from the fact that information ends up where it ought not to.
Meta’s “Pay or Be Tracked”
In 2025, the EU imposed a €200 million fine on Meta (the parent company of Facebook and Instagram). Why? Because Meta had introduced a set of “new rules”: EU users were forced to choose between two options—either pay a monthly fee for an ad-free version, or use the free version with personalised adverts. The EU’s conclusion was clear: this is not consent; it is extortion.
You might be thinking, “So why not just choose to pay?” The problem is that the vast majority of people won’t pay. Meta knows this full well. They want you to “voluntarily” choose to be tracked. It’s like a shopping centre with only one exit, where a sign at the door reads, “By leaving, you agree to a body search”—of course, you’ll “agree”, because you have no other way out.
The scholar Nissenbaum offers an insightful explanation for this: the issue of privacy is not whether “others know about you”, but whether “information has appeared where it ought not to”. There is no problem with telling a friend your birthday, but if advertisers use your birthday to profile you, that crosses the line. What Meta does is turn the happy moments you share on your social media into data packages sold to advertisers. As a result, advertisers can serve you advertisements perfectly tailored to you. This scholar offers an even deeper insight: contextual integrity reveals a fundamental truth—that society’s value system relies systematically on the appropriate flow of information (Nissenbaum, 2018, p. 849). It definitely challenges the misconception that “privacy is valuable only to the individual”. In other words, privacy does not merely protect you. It also safeguards society’s values as a whole. If everyone refrains from expressing themselves freely online for fear of data misuse, the space for democratic discourse will shrink. This is not just your problem, it is a problem for all of us.
Clearview AI and the “slow-motion” of Australian law
Karppinen (2017) points out that the debate on digital human rights has long been dominated by “negative rights”—people focus solely on government censorship, whilst overlooking the fact that commercial power can equally restrict our freedoms. A handful of large corporations hold “structural power”. Their algorithms determine what you see and to whom your data is sold. Your human rights are being eroded by commercial logic.
One of the most extreme examples is Clearview AI. This American company, which you’ve probably never heard of, has scraped over 30 billion facial images from Facebook, YouTube and even comment sections—including your selfies, group photos from dinner with friends, and that unflattering photo you uploaded ten years ago. It then turned these images into a facial recognition database and sold it to police forces around the world. And you, from start to finish, had no idea.
It took Australia’s legal system three years to respond: an investigation was launched in 2020, a ruling of illegality was handed down in 2021 along with an order to delete the data, and the arbitration tribunal upheld the ruling in 2023. However, Clearview AI withdrew from the arbitration proceedings immediately after the ruling, meaning that although the penalty decision came into force, it is virtually impossible to enforce. As of early 2026, Clearview AI’s database still contains millions of faces originally scraped from Australian users – and no court has been able to order its complete deletion. Your face has been sold, yet the law cannot bring it back.
At the same time, technology companies love to say: “We are merely a technical platform, not responsible for content or data.” However, Robert Picard and Victor Pickard point out that these companies are engaged in editing and making choices daily—increasingly monitoring, regulating, deciding what posts to delete, what content to recommend, and to whom to sell your data (Picard & Pickard, 2017). This is not neutrality, this is power. And since they have power, they must take responsibility.
Karppinen (2017) further reminds us: Human rights-based policies are breaking down the dichotomy of “individual rights versus government control”, and are instead challenging corporate control and more closed, market-driven ecosystems. True freedom does not mean the absence of regulation, but rather the use of regulation to limit excessively powerful forces. When a company can freely market your data, government intervention actually serves to protect freedom, rather than deprive it.
Why the law cannot protect you
You might be thinking: But doesn’t Europe have the GDPR? And doesn’t Australia have privacy laws? Don’t the laws protect us?
The GDPR is certainly stronger than most laws. It requires “explicit consent” and prohibits pre-ticked boxes. But the Meta case shows that even with the GDPR, companies can still pull off “take it or leave it” tricks. The law punishes them once, and they simply move elsewhere to carry on.
Australia’s Privacy Law is even older. It was enacted at a time when Facebook didn’t exist, let alone facial recognition. In 2022, Australia finally amended the law, raising the maximum fine from 2 million to 50 million Australian dollars – but when the Clearview AI case came to light, this new legislation hadn’t yet come into force. The law can never keep up with technology, just as you can never catch a thief who’s already made a clean getaway.
Both sets of laws share a common blind spot: they assume that “as long as I’ve told you and you’ve agreed, everything is fine”. But as we have already said, that “agreement” is fundamentally a sham.
Suzor (2019) points out that the root of the problem lies in the platform rules themselves. The platform’s true rules are hidden, confusing and highly contentious. What is acceptable behaviour? The definition is highly subjective. In a community of hundreds of millions of people, disagreements are inevitable. Legally, however, the platform holds absolute power—it can kick you out at any time for any reason, and you have no means of resistance. The law packages this as your freedom: if you don’t like it, you can leave.
But can we really leave? Without Facebook, you might struggle to find information about events. Without Instagram, your small business might go under. So the phrase “you can leave” is absurd. In other words, the platform holds absolute power, whilst users have no real option to exit. This power imbalance is the fundamental reason why the “agreement” mechanism fails.
The problem is not that the law lacks detail, but that the rules of the game are fundamentally flawed. Nissenbaum (2018) explicitly criticised the practice of interpreting “context” as a “business model” or “technological platform”. If we treat context as a business model, it amounts to allowing companies to set their own rules, and privacy protection will never stand a chance. Similarly, if we assume that “what technology can do is reasonable”, we have abandoned the most basic moral judgement.
What shall we do then?
At this point, you might feel helpless: Does that mean I just have to give up and let them take my data? Not exactly.
On a personal front, there are still steps you can take: use a browser that doesn’t track your behaviour, and disable unnecessary permissions in apps. If you truly care about your privacy, you could also opt for the paid versions of apps.
However, real change cannot be achieved by simply having everyone switch off their devices one by one. The key lies in transforming business models and legal power structures. What we need is a clear legal ban on the “take it or leave it” model of forced choice. The granting of a fundamental right to users not to be profiled, and the establishment of an independent regulatory body capable of swiftly penalising companies that breach the rules, rather than allowing cases to drag on for years before a single fine is issued.
So, where does a more systematic solution lead? Flew (2018) proposes a model of “co-regulation”. He draws on the concept of soft law: for soft law to be truly binding, it is necessary to establish an institutional framework that encourages cooperation among regulated entities, whilst also requiring oversight by independent public bodies—bodies which must enjoy the trust of all parties. In other words, the government sets the overarching rules and minimum standards, the industry is responsible for everyday implementation, but the entire process is subject to oversight by independent bodies.
This arrangement is far from perfect, but it at least offers more hope than the cycle of “apology—repeat offence—another apology”. Moreover, such “soft law” must be backed by proper legislation—as the GDPR has demonstrated, rules only truly take effect when the cost of non-compliance is high enough to be a real pain for companies.
Next time, when you see the words “I agree”, don’t just click it without a second thought. Not because you’ll suddenly start reading those incomprehensible terms and conditions—but because you must remember: that button has never been a shield to protect you, but rather a contract of servitude they’ve designed for you to sign with your own hand. Change won’t begin with you clicking “Disagree” on your own, but it will begin when you stop trusting that button.
Reference lists:
Karppinen, K. (2017). Human rights and the digital. In H. Tumber & S. Waisbord (Eds), The Routledge Companion to Media and Human Rights (pp. 95–103). https://doi.org/10.4324/9781315619835
Nissenbaum, H. (2018). Respecting Context to Protect Privacy: Why Meaning Matters. Science and Engineering Ethics, 24(3), 831–852. https://doi.org/10.1007/s11948-015-9674-9
Picard, R. G., & Pickard, V. (2017). Essential principles for contemporary media and communications policymaking. Reuters Institute for the Study of Journalism.
Suzor, N. P. (2019). Lawless: The Secret Rules That Govern Our Digital Lives. Cambridge University Press. https://doi.org/10.1017/9781108666428
Terry Flew. (2019). Platforms on Trial. Intermedia, 46(2), 18–23. https://eprints.qut.edu.au/120461/
Be the first to comment