As technology continues to advance, the resulting technological products have become an indispensable part of our daily lives. The reasons for using them vary. It could be a hobby, a job, or simply a way to pass the time.
However, when you open a website, you often see a request to agree to “cookies”, or when downloading software, you encounter lengthy terms of service. What’s your first reaction to these? Don’t fool yourself; you probably clicked the “I agree” button without even reading it. After all, who has time to read an “electronic legal dictionary”?
Image Source: [UNILAD]
The problem is: when we click “agree,” do we really understand what we’re agreeing to? In digital policy research, this is known as the privacy trade-off. It refers to the assumption that users will rationally exchange their personal data for access to digital services. However, this trade-off is fundamentally flawed. Helen Nissenbaum (2018, p. 831) challenges this status quo of simply having users click “agree.” She points out that tech giants treat privacy as a simple commodity transaction. The public neither perceives nor understands this operation. All we can do is click a green button.
Tech companies constantly try to convince us that with a simple click of an “agree” button on a screen, we own our own data. Perhaps you consider yourself very careful about protecting your personal data. So what do you do when an app requests access to your precise location to navigate home? What do you do when you need to upload your digital footprint for a project? For these relatively small rewards, you’re providing personal information simply to maintain basic social relationships and convenience (Chen & Cheung, 2018, p. 279). So, admit it, you don’t really have a choice. This is not “agreement,” but “compromise.”
The truth is, this helplessness you face every day stems from the underlying logic of tech companies’ business models. Digital governance scholar Terry Flew (2021) emphasised that today’s internet platforms have evolved into monopolistic social infrastructure, whose operation is highly dependent on the extraction of user data.
In the data-driven business systems of tech giants, the customizable privacy settings they present to the public are merely a public relations illusion masking their power. When we discover and understand that the “self-regulation” long touted by tech giants is ineffective, we will realise that the only way to reclaim digital rights is through forceful public policy intervention.
You might say, “But the platforms do ask for my input! They let me choose the settings myself.” Before we get too grateful, let’s look at a real-world example of a tech giant creating this game about “governance theatre”.
A carefully orchestrated “governance theatre” by Facebook
In 2009, after Facebook’s privacy policy sparked public outrage, CEO Mark Zuckerberg announced that power would be returned to users, promising that Facebook users would directly participate in the formulation of the website’s terms of service. This move, allowing global internet users to vote on platform rules, sounds wonderful, right?
But this actually masks a crucial issue. About legitimacy. In the common sense of political science, administrators must gain the genuine approval of those they govern for their power to be legitimate. For a “digital infrastructure” like Facebook, which manages billions of people, this raises a challenge. Digital rights scholar Nicolas Suzor (2019, p. 24) posed this question: As a society adapting to the digital age, what role do we want platforms to play in “governing” our lives? And how can we ensure that the enormous power they wield is exercised “legitimately and fairly”? After all, without a fair decision-making process, the rules it sets are dictatorial.
To evade accusations of authoritarianism, Facebook devised a seemingly democratic trap. It set the voting threshold at an almost impossible level: only 30% of active users participated for the vote to be legally binding. On a platform with hundreds of millions, even billions, of users, expecting 30% to simultaneously set aside their lives to study dry legal texts is nothing short of wishful thinking.
In 2012, when Facebook launched another vote, despite 88% of voters (over 600,000 people) strongly opposing the privacy changes, Facebook conveniently declared the vote invalid due to insufficient participation (less than 1%), quietly retracting its promise to “listen to public opinion” (Suzor, 2019, pp. 11-12).
Image Source: [CNN]
Ultimately, this Facebook fiasco perfectly demonstrates what a “governance theatre” is. The platform doesn’t genuinely seek power through democratic processes, but rather uses the simulation of democracy to deceive users into believing its rules are legal. This exposes the darkest truth about the tech industry’s “self-regulation”: platforms are not only rule-makers and enforcers, but also judges who oversee the rules. When a for-profit organisation can manipulate voting rules at will to achieve its predetermined goals, the so-called “user choice” becomes nothing more than a public relations tool to cover up its hegemonic behaviour.
Privacy as a premium: Meta’s “consent or pay“
You might think that the 2009 Facebook poll was just a reckless mistake made in the early days of the emerging tech industry. However, the manipulation of user rights has not disappeared; it has simply evolved into a more blatant form and now comes at a real cost.
Image Source: [Wikipedia]
In recent years, Meta (the parent company of Facebook and Instagram) has introduced a highly controversial policy in Europe: a “consent or pay” model. Its premise is simple yet worrying: Meta issued an ultimatum to its European users. If you don’t want the platform to continuously track your online behaviour and push targeted ads to you, you can choose to pay a monthly subscription fee of approximately €10 to €13. If you don’t want to pay, or simply cannot afford, then your only option is to “voluntarily” consent to them collecting your personal data and monetising it.
Critics and journalists aptly call this a “privacy tax.” On the surface, Meta argues that they are simply complying with the law by providing users with an explicit option to opt out of tracking. However, this move is merely a “regulatory turn” to adapt to the current political climate (Terry Flew, 2021).
Image Source: [Giornalettismo]
The concept that “your data always belongs to you, not the company that collects it” is clearly stated in the EU’s General Data Protection Regulation (GDPR). Therefore, under unprecedented pressure from governments and the constraints of strict legal frameworks like the GDPR, tech giants are well aware that the golden age of “self-regulation” is over. Meta’s subscription model does not truly respect user privacy, but rather is a defensive, mandatory compliance strategy designed to circumvent regulations that restrict its behaviour.
By turning privacy into a paid feature, this “choice” fundamentally undermines the universality of digital rights. As Kari Karppinen (2016, pp. 95-96) points out, there is a huge gap between the description of digital rights and their actual performance. He warns that when fundamental rights are influenced by market logic, they no longer equally protect people’s dignity but depend on each person’s ability to pay.
This logic exposes a troubling reality about our current digital ecosystem: the institutionalisation of digital inequality. Privacy is rapidly becoming a luxury, not a basic human right. For university students or minimum wage workers, an extra 10 euros per month is a significant financial burden. Consequently, vulnerable groups are forced to surrender their personal information to access essential services. They are completely deprived of the option to opt out of surveillance due to their economic means. This “pay to free” logic is a manifestation of inequality: if you are wealthy, you can buy digital dignity; if you are poor, you must accept continuous tracking.
Image Source: [The New York Times]
Even more infuriating is that even if you can afford it, you may not truly gain the privacy you’ve purchased. Empirical research by Timo Müller-Tribbensee et al. (2024, p. 168) found that nearly one-third (32.9%) of platforms employing this “paid tracking” mechanism failed to deliver on their promises. In other words, even after users pay for a tracking-free experience, these platforms continue to use background trackers.
This completely shatters the illusion of “consumer empowerment.” Meta’s actions demonstrate that allowing modern tech giants to self-regulate is a dead end. Their so-called “choice” is nothing more than digital extortion disguised as legality. The “governance theatre” will always exist. Today, platforms are charging for a fundamental right, while the underlying mechanisms for looting private data never truly cease.
The failure of “self-regulation”
From Facebook’s sham democracy in 2009 to Meta’s current “privacy tax,” these cases reveal the unreliability of “self-regulation.” These platforms are essentially massive data extraction tools. Expecting a multi-billion-dollar machine to limit its core revenue streams voluntarily is itself a structural paradox.
This inherent conflict of interest illustrates the contradiction between the logic of the free market and the protection of social human rights (Kari Karppinen, 2017, pp. 96-97). Tech giants are diluting the weight of human rights through marketing. When we rely on corporate self-regulation, we are effectively “outsourcing” our fundamental rights to profit-driven enterprises. Therefore, digital rights are stripped of their democratic weight and reduced to acts of social responsibility. Platforms will only protect our privacy until it threatens their own profits.
Therefore, we must recognise the immense influence these companies wield. We are dealing with an indispensable infrastructure of modern society. These private, multinational platforms are reshaping how we work, learn, and do business, as well as how we interact with governments and each other (Goggin et al., 2017). They are redefining the boundaries of our personal lives and careers. These tech giants have fundamentally deprived citizens of their rights. As Goggin et al. (2017) noted, only 38% of users truly feel in control of their digital privacy. Their internal terms of service effectively function as authoritarian global law. This “governance theatre” must end. True digital security requires abandoning the illusion that corporations can self-regulate and instead demanding legally binding, independent public oversight.
Finding a Way Out
To end this illusion, we need a mandatory external legal framework to constrain tech giants. Europe’s General Data Protection Regulation (GDPR) offers a glimpse into a structural intervention. One of its core pillars is the concept of “data minimisation.”
In short, this means that platforms are legally restricted to collecting only the absolute minimum amount of data necessary to provide their specific services. Why this rule? Because academically, it’s a mandatory protection of data’s “contextual integrity” (Nissenbaum, 2018, p. 831). The flow of information must conform to the specific context of our current lives.
For example, navigation can obtain your location information to guide you home, which conforms to the service context. But if it illegally crosses the line, using this information to analyse you, such as which shops or restaurants you frequently pass by, then this undermines contextual integrity.
It’s easy to see that tech giants generally have the bad habit of “data hoarding” (Goggin et al., 2017). The data minimisation principle shifts the responsibility for privacy protection from users to the law itself. It addresses this bottomless greed from a legal perspective.
When digital policy researchers talk about “governance,” it’s not an abstract academic term, but something that concerns every aspect of our daily lives. So, the next time a lengthy pop-up interrupts your screen, asking you to click “I agree,” remember that the feeling of helplessness is intentionally designed that way.
Stop relying on customizable settings or tech companies’ “self-regulation.” We must refuse to be dominated by forced clicks and fight for an uncompromising bottom line for our digital future.
Reference:
Angwin, J. (2014, March 4). Opinion | Has privacy become a luxury good? The New York Times. https://www.nytimes.com/2014/03/04/opinion/has-privacy-become-a-luxury-good.html
BBC News. (2018, March 21). Mark Zuckerberg in 2009: Facebook privacy is central – BBC News [Video]. YouTube. https://www.youtube.com/watch?v=2GuHVZx4OwU
Boldi, E. (2024, March 26). Nel mirino dell’UE il modello “consent or pay” di Instagram e Facebook. Giornalettismo. https://www.giornalettismo.com/pay-or-consent-meta-indagine-ue-dma/
Chen, Z. T., & Cheung, M. (2018). Privacy perception and protection on Chinese social media: a case study of WeChat. Ethics and Information Technology, 20(4), 279–289. https://doi.org/10.1007/s10676-018-9480-6
Davies, G. (2025). Consent or Pay: Transforming Internet Users from Products into Customers. Journal of European Consumer and Market Law, 14(1), 6–14.
Flew, T. (2022). Regulating platforms. Polity Press.
Goggin, G., Vromen, A., Weatherall, K., Martin, F., Webb, A., Sunman, L., Bailo, F. (2017) Executive Summary and Digital Rights: What are they and why do they matter now? In Digital Rights in Australia. Sydney: University of Sydney. https://ses.library.usyd.edu.au/handle/2123/17587
Jones, C. (2023, April 29). What actually happens when you click ‘accept Cookies.’ UNILAD. https://www.unilad.com/news/what-happens-accept-cookies-236742-20230429
Karppinen, K. (2017) Human rights and the digital. In Routledge Companion to Media and Human Rights. In H. Tumber & S. Waisbord (eds) Abingdon, Oxon: Routledge pp 95-103.
Kelly, H. (2012, December 11). Voting closes on Facebook policy changes, only 299 million votes short. CNN. https://edition.cnn.com/2012/12/10/tech/social-media/facebook-policy-vote
Müller-Tribbensee, T. (2024). Privacy Promise Vs. Tracking Reality in Pay-or-Tracking Walls. In K. Rannenberg, M. Jensen, & C. Lauradoux (Eds.), Privacy Technologies and Policy (Vol. 14831, pp. 168–188). Springer. https://doi.org/10.1007/978-3-031-68024-3_9
Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831-852.
Suzor, Nicolas P. 2019. ‘Who Makes the Rules?’. In Lawless: the secret rules that govern our lives. Cambridge, UK: Cambridge University Press. pp. 10-24.
Wikipedia contributors. (2025, November 19). Consent or pay. Wikipedia. https://en.wikipedia.org/wiki/Consent_or_pay
Be the first to comment