Introduction
Every time we scroll through social media, search on Google, or click “accept all cookies,” we risk exposing our personal information. Behind the convenience of these “free” services lies a reality that threatens our digital security. This environment has created a data-driven economy where personal information is constantly collected, analyzed, and monetized (Zuboff, 2019). Since our data is already out there, the main question is not if it is being used, but who controls it and under what rules.
In this setting, privacy is more than just an individual choice. Nissenbaum (2018) explains that privacy depends on whether information flows are suitable for specific social situations, not just on whether information is shared. But in the digital age, these boundaries often disappear. Data shared in social settings can be reused for commercial targeting, algorithmic predictions, and even political influence (Zuboff, 2019).
At the same time, digital platforms work in an economic system that encourages them to collect as much data as possible. Research on digital privacy economics shows that companies are built to gather and use user data, often in ways users did not expect or approve (Nissenbaum, 2018). This leads to a big imbalance between users and platforms. Platforms have the knowledge and power that users need, while users must give up their information to access services, leaving their data open to misuse.
This blog argues that privacy is no longer just an individual issue; it is mainly a matter of governance in the digital world. By looking at the political economy of data, the power platforms have to regulate, and the limits of user control, it shows that protecting digital rights needs systemic action, not just individual awareness.
The Political Economy of Data
Today, data creates significant value and shapes the digital economy. Platforms like Meta, Google, and TikTok collect large amounts of user data to build profiles, target ads, and make a profit (Zuboff, 2019). This process turns user behavior into a commodity, where every click, like, and scroll adds to a larger system of data extraction.
From an economic point of view, collecting data brings both benefits and risks. It allows for personalized services, better recommendations, and smoother user experiences. However, it also leads to what Fainmesser et al. (2023) call privacy externalities, where harm can happen if data is misused, breached, or exploited by others. These risks are built into the way data-driven markets work. Platforms collect data for a reason: the digital economy gives them strong reasons to gather as much as possible, even if it increases risks for users. While some platforms invest in data protection, these efforts often aim to keep user trust rather than reduce data collection. This creates a system where companies may collect too much data or not invest enough in protection, depending on what brings the most profit (Fainmesser et al., 2023).
As shown above, the way the digital economy works means that privacy failures are not just about individual choices or scandals at certain companies. Instead, they point to a deeper structural problem: data extraction is built into how profits are made online (Zuboff, 2019). Because of this, relying on individual consent through privacy policies and user agreements is not enough. These tools are often designed by platforms to serve their own interests (Solove, 2021). In short, these mechanisms ask platforms to inform users, but they do not address the risks created by a data-focused digital economy.
Platforms as Private Governors
If we see data as a resource in the digital economy, platforms have a responsibility to manage it. Companies like Meta and Google do more than just help people communicate; they shape the conditions for that communication. Through algorithms, data systems, and content moderation, they decide what users see, how they interact, and how their information is handled. This is why some scholars call platforms private governors of digital life (Gillespie, 2018). Unlike traditional regulators, platforms do not get their authority from democratic processes that reflect users’ needs. Instead, their power comes from terms of service agreements, which are required by law but are rarely read or understood by users (Marotta-Wurgler & Chen, 2012). Also, as debates about platform regulation show, having so much power in a few companies weakens traditional accountability (Srnicek, 2017). Platforms work globally but are mainly guided by their own policies, which focus on business interests. As a result, they are rarely controlled by national privacy laws, making digital security a complex issue.
This shows that digital platforms do not regulate themselves well. Issues like misinformation and data breaches have led to public concern about how these platforms handle data security, which has prompted government action (Gillespie, 2018). These actions show that platforms are not just neutral middlemen; they have real regulatory power and can shape both markets and society (Gillespie, 2018). This change is important for understanding privacy. Governing the digital world is not just about protecting data, but also about overseeing the institutions that control information and the digital economy. Because of this, we need accountability systems, since platforms often set the limits of privacy themselves.
The Illusion of User Control
Even though many people worry about privacy, most users still think they have real control over their data. Platform designs, like privacy settings, consent forms, and cookie banners, make it seem like users can decide how their information is used. But this control is often only on the surface. Nissenbaum’s (2018) idea of contextual integrity helps explain this. Privacy depends on whether information flows match what people expect in a social setting (Nissenbaum, 2018). In reality, users’ data is collected and used in ways they do not expect or fully understand. Information shared with platforms can be reused for targeted ads, algorithmic profiling, or predicting behavior.
This lack of understanding about data control is especially clear among younger users. Studies show that children think about privacy mostly in terms of what they share with friends or family, but they do not understand how companies and institutions use their data (Stoilova et al., 2020). Because of this, they often think they have more control than they really do, believing that choosing what to post means controlling how their data is used. This gap between what people think and what actually happens is not just a problem for children. Adults also find it hard to understand how data moves, how algorithms work, and how third parties use their information. Solove (2021) points out that privacy is about relationships and is hard to manage alone, especially online. This means user consent cannot be the main way to protect privacy. When people do not have the knowledge or ability to make informed choices, consent becomes just a formality, not real protection. Users may feel they control their data through consent systems, but this is an illusion, since the digital economy is not truly governed.
Case Study: Meta, Children’s Data, and the Limits of Platform Accountability
The regulatory actions against Meta Platforms illustrate the limitations of current privacy governance frameworks. In 2023, the Federal Trade Commission proposed new restrictions on Meta, including a ban on monetising the data of users under 18 (FTC, 2023). The regulator argued that Meta had violated previous privacy commitments and failed to adequately protect young users. News coverage from sources such as The Guardian (Paul, 2023) and Reuters (Raymond, 2026) reveals a broader pattern of concern. Lawsuits filed by various U.S. states against Meta allege that its platform features are addictive and harmful to young users; moreover, in a digital economy where more data equals more profit, the company prioritises growth over safety (Alter, 2025). These developments reflect a growing awareness that platform operating models can cause systemic harm, especially to vulnerable groups such as children.
From an economic perspective, the case reflects the structural incentives identified by Fainmesser et al. (2023). Meta’s reliance on advertising revenue creates a strong incentive to collect and analyse user data, including from younger users (Fainmesser et al., 2023). While the company has implemented privacy measures, these have not fundamentally altered its data-driven business model. From a governance perspective, the case highlights the limits of self-regulation. Meta effectively sets its own rules for data collection and use, yet these rules have been shown to conflict with public expectations and regulatory standards (Nissenbaum, 2018). The FTC’s intervention represents an attempt to reassert public authority over private governance, implying a shift toward more proactive regulation.The case also illustrates a violation of contextual integrity. Users engage with platforms in a social context, expecting to communicate with friends and share experiences. However, their data is repurposed for commercial and algorithmic uses that extend far beyond this context. This mismatch undermines trust and challenges the legitimacy of consent-based models. Importantly, the focus on children’s data underscores the issue of user understanding. As Stoilova et al. (2020) demonstrate, children lack the capacity to fully understand how their data is collected and used. This makes them particularly vulnerable within data-driven systems and highlights the inadequacy of relying on consent as a protective mechanism.
Rethinking Digital Rights and Governance
The challenges discussed above show that we need to rethink how privacy is managed. Current methods that focus on user consent and data protection do not address the deeper issues in the digital economy.
One key limitation is the focus on protecting data after it has been collected. While security measures are important, they do not address the underlying issue of excessive data collection. Effective governance must therefore regulate both data collection and data use.
Recent policy developments suggest movement in this direction. Proposals to restrict targeted advertising to children, strengthen data protection laws, and increase platform transparency reflect a growing recognition that privacy must be treated as a fundamental right rather than a consumer choice (Ortutay, 2023).
A rights-based approach shifts privacy governance from focusing on individuals to focusing on institutions, helping users take part in a safer digital world. Still, it is important for platforms to provide clear information. Users need to know how data systems work to use them safely. But as Stoilova et al. (2020) point out, education alone cannot keep up with how complex the digital world is. So, governance should mix regulation, good design, and public awareness.
Conclusion
In the age of digital platforms, privacy is not just about protecting pieces of personal information. It is about understanding and managing the systems that control how our information is collected, used, and shared. The loss of privacy is not just caused by careless users or one-off mistakes, but by deeper forces like economic incentives, the power of big companies, and the uneven knowledge and control between platforms and users. Companies like Meta are at the center of this, shaping not only how data moves but also how we communicate and interact online. Many users feel they have control, but this control is often limited and shaped by platform designs that do not show the whole picture. For privacy to truly matter in the future, we need to stop expecting individuals to handle it alone. Instead, we should build stronger protections through clearer rules, more accountability for platforms, and by treating privacy as a basic digital right, not just a trade-off. Without these changes, privacy could become less of a real protection and more of a constant negotiation, often without us even noticing.
Reference
I acknowledge that Grammarly is used for grammar checks and the setting of a casual tone. ChatGPT-5 is used to format references and find relevant case study and associated news sources.
Alter, C. (2025, November 22). The allegations against Meta in newly unsealed court filings. Time. https://time.com/7336204/meta-lawsuit-files-child-safety/.
Fainmesser, I. P., Galeotti, A., & Momot, R. (2023). Digital Privacy. Management Science, 69(6), pp. 3157–3173. https://doi.org/10.1287/mnsc.2022.4513.
Federal Trade Commission. (2023, May 3). FTC proposes blanket prohibition preventing Facebook from monetizing youth data. https://www.ftc.gov/news-events/news/press-releases/2023/05/ftc-proposes-blanket-prohibition-preventing-facebook-monetizing-youth-data.
Flew, T. (2018). Platforms on trial. InterMEDIA, 46(2), pp. 24-29. https://eprints.qut.edu.au/120461/.
Gillespie, T. (2018). Custodians of the Internet: Platforms, Content Moderation, and the Hidden Decisions That Shape Social Media. New Haven: Yale University Press.
Marotta-Wurgler, F., & Chen, D. L. (2012). Does Contract Disclosure Matter? [with comment]. Journal of Institutional and Theoretical Economics, 168(1), 94–123. https://doi.org/10.1628/093245612799440122.
Nissenbaum, H. (2018). Respecting Context to Protect Privacy: Why Meaning Matters. Science and Engineering Ethics, 24(3), pp. 831–852. https://doi.org/10.1007/s11948-015-9674-9.
Ortutay, B. (2023, December 20). FTC proposes strengthening children’s online privacy rules to address tracking, push notifications. AP News. https://apnews.com/article/ftc-children-social-media-games-coppa-352ba63293832ee930f0c137aac735de.
Paul, K. (2023, May 3). US regulators may ban Facebook from monetizing data on children. The Guardian. https://www.theguardian.com/technology/2023/may/03/ftc-facebook-meta-messenger-kids-data-privacy.
Raymond, N. (2026, April 10). Meta must face youth addiction lawsuit by Massachusetts, court rules. Reuters. https://www.reuters.com/world/meta-must-face-youth-addiction-lawsuit-by-massachusetts-court-rules-2026-04-10/.
Srnicek, N. (2017). The challenges of platform capitalism: Understanding the logic of a new business model. Juncture, 23(4), 254–257. https://doi.org/10.1111/newe.12023
Solove, D. J. (2021). The Myth of the Privacy Paradox. The George Washington Law Review, 89(1), 1.
Stoilova, M., Livingstone, S., & Nandagiri, R. (2020). Digital by Default: Children’s Capacity to Understand and Manage Online Data and Privacy. Media and Communication (Lisboa), 8(4), pp. 197–207. https://doi.org/10.17645/mac.v8i4.3407.
Suzor, N. P. (2019). Who Makes the Rules?. In Lawless : the secret rules that govern our digital lives, pp. 10–24. Cambridge University Press. https://doi.org/10.1017/9781108666428.
Zuboff, S. (2019) The Age of Surveillance Capitalism. New York: PublicAffairs.
Be the first to comment