Now, in the digital age, we use free apps every day: social media, shopping, navigation, ordering takeouts… There is no cost for them to download, and some of them don’t seem to have a clear way to make money but they gain billions of dollars each year. So what do we really pay for these apps? The answer is obvious: our data, our privacy. Every view, click and search become valuable for analyzing online.
Numerous apps collect our data, even eavesdrop us secretly to provide “personalized services”. More and more people are complaining about that there is no privacy online anymore. According to Flew, “Pew Research Center found that 91% of adults ‘agreed or strongly agreed that consumers have lost control of how personal information is collected and used by companies’ and that only 9% o those surveyed were ‘very confident’ that social media companies would protect their data.” (2021) Countless apps collect our data, even eavesdrop us secretly to provide “personalized services”. However, this privacy is given up by us “voluntarily” as a cost for the free use of the apps. We have to agree with their privacy policies, otherwise the apps are not available.
Privacy as the cost
In December 2024, Meta Platforms has agreed to pay A$50 million to Australian privacy regulators as a settlement. Finally the long and costly legal battle about the Cambridge Analytica scandal has finally come to an end for Facebook’s parent company, Meta. The Office of the Australian Information Commissioner had alleged that some users’ personal information was leaked to a personality quiz app, “This Is Your Digital Life”, which belongs to Facebook. According to the statement in 2020, the private data of 311,074 Australian Facebook users was “exposed to the risk of being disclosed” and the data was obtained by a consulting company named Cambridge Analytica and used for user profiling analysis. (Reuters, 2024)
According to investigation by the national privacy regulator in Australia, just 53 Australian Facebook users installed the app. But another 311,074 Australian Facebook users were friends of those 53 people, meaning the app could have requested their information too. (The Conversation, 2025) 53 is a small number in a country’s population, but they could influence over 300 thousand people by the link of the social media. In general, the apps we install on our own mobile phones can only influence ourselves. However, this case shows that such “harmless” apps can also collect data from our friends without a notice and consent. Our data becomes valuable resource which could be stolen when we are not aware. “The World Economic Forum described personal data as the new ‘oil’ – a valuable resource of the twenty-first century … a new type of raw material that is on a par with capital and Labour.” (Flew, 2021)
Most users have no idea about how their data is used and processed, indicating a serious problem that the lack of clear notice about data usage. The companies hidden behind the social medias may claim that they have told the users about the privacy issues in the privacy policy when they use the app for the first time.
In fact, many people claim that they care about their privacy online, but their act don’t match their words. A study show that people believe that simply give away their data privacy can make them get convenient services or access for a service in no charge. While they expressed that they understand the importance of privacy, it is not as important as getting basic access to a digital service. Some participants of the study said that benefits these platforms offer outweigh the risks of the data privacy that they share. This is what called privacy paradox: despite expressing their concerns about privacy, users continue to share private data online.(Zhang et al., 2024) This phenomenon is more of a compromise than consent. This reveals the essence of these free apps: we pay with our privacy as the cost to get the service. What’s free is actually the most expensive. Privacy is one of our most valuable resources. Our data has become commodities in the trade of the companies and advertisers.
The switch could be fake: the flaw in privacy policies
To avoid privacy breach, some users choose to turn off certain switches in some app’s settings. But does this approach really work? Disappointingly, maybe no. Turning those switches off doesn’t mean that all the privacy issues can be solved. The “payments” are still being processed.
In 2025, Google lost in its privacy trials, resulting in a $425.7 million penalty. Google had violated the privacy of 98 million users. These users turned off the switch named “Web & App Activity” in their account settings in the apps in order to stop Google from tracking their data. However, the switch is fake, which means the tracking of their data is still in progress. Google argued that the users had actually consented to the tracking. In privacy policy, the company explicitly states that the collection of anonymized data is permitted even if the switch is turned off. This argument is rejected by the jury because Google’s consent term should have been more explicit to users and none of ordinary users would read the long and complex privacy policies carefully. Finally, the jury determined the lack of Google’s transparency over the toggle constituted “offensive conduct” under the California Constitution’s invasion of privacy and intrusion upon seclusion standards. (Poritz & Brown, 2025)
The users may just skim or just scroll to the bottom of the privacy policies. This lead to a lack of understanding of the privacy policies; the users are unaware of their rights and obligations as well as the company’s. In such circumstances, users may mistakenly believe that they can protect their privacy from being tracked by turning the switch off. Ari Waldman, a privacy law professor at the University of California Irvine School of Law, said in an interview: “we can’t honestly expect any individual, ordinary user to click on however many buttons that they need to and then read a multi-1,000 word privacy policy and then interpret that legalese written privacy policy.” (Poritz & Brown, 2025)
In 2021, a large scale survey is carried out to analyze user attitudes and opinions on contemporary privacy policies. The study found that 89% of the participants who have the experience of reading privacy policies met some problems in understanding the meaning of content in these policies. 55% of the participants gave a wrong answer when asked to explain the actual meaning of the passage. Some participants mentioned that the wording is too broad to identify what they are actually doing. Other participants pointed out that the terms used should be easy and brief for better understanding to avoid the loss of interest when reading long passages of text. There are also suggestions like making the information bulleted, using larger fonts and words that are easily understood by the general population.(Ibdah et al., 2021)
This implies a serious flaw in the privacy policies. Although the companies have to make the users read their privacy policies, what we all know is that almost nobody will read all that long and complex legal terms carefully, which is really hard to understand what they want to express. As Korunovska et al. pointed out: “In the face of complex privacy policies, many users of online services agree to privacy-intruding practices of digital service-providers.”(2020)
The privacy policies need to be improved. They should be clear, concise in language, easy to understand and explain how the system works and how to stop the data from being collected. The government and legislators should formulate more detailed regulations regarding privacy policies. For example, the wording and terms should be easy for an ordinary people to understand. This can prevent certain companies from exploiting loopholes in law.
Trackers everywhere: keeping away from an app doesn’t mean your data is safe
You might be wondering: if someone doesn’t use these apps completely, will their data still be collected by them? Unfortunately, the answer is yes.
According to the report of BBC, after the sale of TikTok’s US operations to a group of companies links to US President Donald Trump, TikTok not only tracks all your activity on its app but also monitors your activities elsewhere on the internet that have no connections with TikTok. It is able to collect your sensitive and highly personal information even if you’ve never used the app. TikTok use a tool named pixel to track user behavior. Tracking pixels are invisible images that occupy only one pixel on the screen. They are loaded in the background of the website and have a lot of built-in data collection technology. They can collect extremely private information such as fertility and health status. Other big companies like Google and Meta even set much more trackers on global top websites. (Germain, 2026)
This case is particularly concerning. Generally speaking, it is normal for a platform to track its user behavior on its own platform. This report reveals that big tech companies can still reach into our lives and track us without our awareness even if we don’t use their apps. This allows the companies provide highly personalized content and targeting ads. However, there is no notice, no consent. We may never know we have been tracked without news, investigations or reports.
This case shows that sometimes the cost of these free apps is not just limited to what we do and share with our consent on a certain app; they can also appear in another website and collect our data invisibly. Privacy can be taken without direct interaction, raising serious concerns about consent, transparency, and control in the digital age.
Laws to regulate
In Australia and Europe, there are efforts to regulate privacy issues, giving users more control over their personal information.
In Australia, The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. It continues to reform constantly to keep up with time.
In Europe, The European Union’s General Data Protection Regulation (GDPR) is widely regarded as one of the most comprehensive privacy laws, which took effect in 2018 and aims to address growing privacy concerns in the digital age. The two core pillars of the GDPR are privacy rights and data security. (Das Chaudhury & Choe, 2023) Both work together to protect individual privacy and data.
A similarity between them is that both of them rely on consent. GDPR requires explicit consent when processing personal data, while in Australia Privacy Act, implied consent is allowed, which means consent is assumed unless an individual explicitly opts out.(Purpose Lawyers, 2023) However, as mentioned above, due to various reasons, it is hard for users to fully understand the privacy policies. This creates a gap between legal intention and everyday practice.
The laws always lag behind reality. They require constant revision to keep pace with the times. We all hope in the future, revised laws will protect our data and privacy better.
Conclusion
Now, it is clear that we all pay our privacy for those free apps. Some apps can not only take our own data but also friends’. Users care about their privacy, but they have to compromise to get convenient service, which is called privacy paradox. Our privacy, our data has already been a valuable resource and commodity, the oil of the digital age.
The privacy policies with significant flaws need to be improved. The wording, the terms, the length and the complexity of the privacy policies all created great difficulties for users to understand, which could lead to misunderstandings and fake consent.
Even if you keep away from those apps, you still can not escape from the data trackers. Invisible trackers are everywhere, constantly monitoring our every action online without any interaction and consent.
Fortunately, laws like GDPR and the Privacy Act constantly reforms, trying to keep up to protect our data and privacy.
The apps collect our data to provide personalized ads and contents, but they are not completely bad things. They allow us to see the contents we like and enjoy them, making us have a better experience online. However, these apps shouldn’t collect collect our personal information excessively without our knowledge or with our fake consent. Excessive collections is the invasion to our personal life. With the evolution of the technology, we need strict laws and strong regulations to regulate the companies and ensure the users not pay more than they want.
So what do we really pay?
It’s privacy.
The cost could be privacy, but how much privacy should be entirely up to us and we should be truly given a choice.
Reference
Das Chaudhury, R. & Choe, C. (2023), Digital Privacy: GDPR and Its Lessons for Australia. The Australian Economic Review, 56: 204-220. https://doi.org/10.1111/1467-8462.12506
Flew, T. (2021). Regulating Platforms. Polity Press.
Germain, T. (2026, February 11). TikTok is tracking you, even if you don’t use the app. Here’s how to stop it. BBC. https://www.bbc.com/future/article/20260210-tiktok-is-tracking-you-even-if-you-dont-use-the-app-heres-how-to-stop-it
Ibdah, D., Lachtar, N., Raparthi, S. M., & Bacha, A. (2021). “Why should I read the privacy policy, I just need the service”: A study on attitudes and perceptions toward privacy policies. IEEE access, 9, 166465-166487.
Korunovska, J., Kamleitner, B., & Spiekermann, S. (2020). The challenges and impact of privacy policy comprehension. arXiv preprint arXiv:2005.08967.
Poritz, I., & Brown, C. (2025, September 6). Google’s Trial Loss Shows Distaste of Complicated Privacy Terms. Bloomberg Law. https://news.bloomberglaw.com/litigation/googles-trial-loss-shows-distaste-of-complicated-privacy-terms
Purpose Lawyers, (2023, November 20). Privacy policies: What is the difference between GDPR v the Privacy Act?. https://www.purposelawyers.com.au/articles//b/privacy-policies-what-is-the-difference-between-gdpr-v-the-privacy-act
Reuters. (2024, December 18). Facebook-parent Meta settles with Australia’s privacy watchdog over Cambridge Analytica lawsuit. https://www.reuters.com/technology/meta-pay-32-mln-it-settles-facebook-quiz-apps-privacy-breach-2024-12-17/
The Conversation. (2025, October 27). How to apply for a share of Facebook’s $50 million privacy class action settlement. https://switzer.com.au/how-to-apply-for-a-share-of-facebooks-50-million-privacy-class-action-settlement/
Zhang, J. H., Koivumäki, T., & Chalmers, D. (2024). Privacy vs convenience: Understanding intention-behavior divergence post-GDPR. Computers in Human Behavior, 160, 108382.
Be the first to comment