Think back to a time when you might have had a similar experience: you’re out to dinner with friends, and you’re talking about the latest viral blush. The very next day, an ad for that blush pops up in your Instagram feed. Isn’t that strange? You didn’t search for it at all—you didn’t even type in any keywords—you were just… chatting.
Scenes like this are a common occurrence in my life and the lives of those around me. At first, our reactions are always the same—we briefly exclaim, “Wow, that’s amazing,” and then casually scroll past the many ads that follow. We’ve grown so accustomed to this that we’ve almost overlooked the contradiction: on the one hand, we’re uneasy about the platforms having so much information about us, yet on the other hand, we keep handing over our data.
This isn’t simply a matter of us being forgetful or lazy. In fact, it is one of the thought-provoking puzzles of this era of rapid technological advancement. Researchers call this the “privacy paradox” (Chen & Cheung, 2018, p. 280), and it is precisely because of this that Mark Zuckerberg could testify before Congress and promise to fix Facebook’s problems—even though he later reneged on that promise—yet Facebook continues to rake in billions of dollars from our data. And that is precisely why, when a platform faces issues, we remain concerned about privacy breaches but still check the app first thing in the morning upon waking up.
My view is that we find ourselves in this paradox because our understanding of privacy is fundamentally flawed. We have long been taught to view privacy as a personal choice—much like subscribing to a newsletter, where one can opt in or out at will. Wikipedia defines privacy as “the ability of an individual or group to isolate themselves or information about themselves, thereby allowing for selective self-expression.” But today, privacy on platforms is no longer merely a matter of personal choice. In fact, it has to do with power, context, and a gradually emerging consensus: perhaps, in the digital age, we were never truly in control of our data to begin with.
Has “Facebook Democracy” really arrived?
The story that follows will perfectly illustrate the farce surrounding privacy on digital platforms.
In 2009, Facebook found itself in trouble over its privacy policy. Users were outraged by changes to the policy, and CEO Mark Zuckerberg made a surprising move: he announced that Facebook would become a democratic platform. It was absolutely true. He said that users would be able to participate directly in the drafting of the site’s “governing documents” (i.e., the Terms of Service), and that Facebook would take user feedback seriously. Votes would be held. Ultimately, the decision-making power would rest with the users (Suzor, 2019, p. 11).
https://www.britannica.com/money/Facebook
That sounds ideal. It lasted from 2009 through 2012.
What happened: Facebook set the voting threshold at 30% of all active users. For a massive platform like Facebook, with billions of active users, this target was virtually impossible to meet. In 2012, when users actually voted on policy changes, more than 600,000 people participated—88% of whom opposed the changes. But that was less than 1% of Facebook’s total user base. Since the threshold was not met, the policy remained unchanged. After the vote concluded, Facebook reneged on its promise and even edited the 2009 blog post, removing Zuckerberg’s name and attributing it to a former employee (Suzor, 2019, pp. 11–12).
This story is typical of the platform’s privacy policy because it exposes the fundamental deception at the heart of social media governance. No matter how much they may feel like public spaces, they don’t even qualify as true public spaces. From a legal perspective, our relationship with Facebook is like that of a merchant and a buyer: we can use the app as a tool for daily communication. However, in exchange, we must agree to abide by all the rules they set.
As Suzor (2019) puts it, this is “firm to consumer, not sovereign to citizen” (p. 11). Generally speaking, the government has no authority to interfere with how Facebook handles your posts (unless those posts are actually illegal), but Facebook can do whatever it wants with your posts based on its own rules and policies. Your “freedom of speech” on social media depends solely on what the platform wants you to say and what it wants others to see.
This phenomenon turns the very purpose of using these platforms on its head. These platforms have become the primary spaces where we connect with friends, express our views, run businesses, and share our lives. They are like digital town squares. But unlike real town squares, these platforms are privately owned and commercialized, with capitalists setting the rules behind the scenes and shutting out the genuine voices of users.
Case of the Privacy Paradox
Let’s return to that blush commercial that seemed to read our minds—and the reactions we gladly embraced.
Chen and Cheung (2018) conducted a study on this phenomenon on WeChat, China’s leading social media platform, and identified several trends that are relevant to social media in general. They surveyed young people who frequently use WeChat—for communication, payments, work, socializing, and more—and found that these users are indeed very concerned about privacy issues. They are aware that the platform collects their data and that the government can access it, and they recognize the risks involved (Chen & Cheung, 2018).
However, they continue to use it.
Why is that? Because no one can completely do without it. WeChat has become an essential tool for their social lives, professional networks, and even paying for food; the cost of giving it up is simply too high. One user told researchers, “I really can’t stand colleagues and team leaders who use WeChat for work… It feels like someone is watching over your shoulder” (Chen & Cheung, 2018, p. 283). But he didn’t give up WeChat. He simply blocked some of his leader’s posts and continued to use WeChat in his daily life.
Isn’t this a situation we all face? We know that Instagram collects our data to serve us ads. We know that Facebook’s algorithms push content designed to keep us engaged. We also know that TikTok might understand our innermost feelings better than our therapists. We know our data has long been exposed and circulating. But our friends are there. Our family is there. Our community is there. We’ve already weighed the pros and cons and made our choice.
Chen and Cheung (2018) refer to this phenomenon as the “privacy calculus”—meaning that we mentally weigh the benefits of exposing our privacy and conclude that the benefits outweigh the risks (p. 285). But it is worth considering: when the alternative is social isolation, is this really a choice? When everyone you know is on a particular platform, you don’t actually have the right to choose whether or not to join. The only choice you truly have is the right to remain alone.
This is why the privacy paradox is so powerful and yet so frustrating. It’s not that we’re irrational or lazy. We’re simply making a final trade-off in an environment that works against us. The platforms know we can’t leave, so they don’t care whether they earn our trust. They just need to avoid doing anything that would truly anger the majority of users.
A Key Element of Privacy Policies: Context
If privacy isn’t a matter of personal choice, what exactly does it depend on?
Helen Nissenbaum’s (2015) research on “contextual integrity” explores this issue. Nissenbaum argues that privacy is not about keeping secrets, but about ensuring that information flows appropriately within a given context. In other words, the key issue is not whether someone knows certain information about you, but rather who knows this information, to whom they disclose it, and how they are permitted to use it (Nissenbaum, 2015, p. 839).
For example, suppose you’re willing to tell your doctor about an embarrassing medical condition you have (such as hemorrhoids). Your goal is to get relief or treatment, but you certainly wouldn’t want the doctor to post about it on Facebook. Although the information is factual, the context is entirely different. It’s appropriate for the doctor to know, but it’s not appropriate for more people to find out about it online.
Nissenbaum (2015) notes that the appropriateness of information flow depends on three key parameters: the actors (the senders and recipients of the information), the type of information (the type of data being shared), and the transmission principles (the conditions under which the information flows) (p. 839). When platforms undermine any of these parameters without just cause, they violate contextual integrity.
Have you heard of the Google Buzz incident? Google attempted to extend Gmail into a social network by automatically using users’ email contacts to build their social graph. People were outraged because email contacts they had only ever communicated with for work or personal matters were suddenly made public as “friends.” This could cause significant problems for people whose identities are sensitive, such as journalists or those involved in extramarital affairs. As can be seen, Google transferred information from one context (email) to another (social network) without permission, violating the principle of contextual integrity (Nissenbaum, 2015, p. 841).
This is a common occurrence on modern platforms. The likes you give on Instagram are used to power ad-targeting algorithms. Your WhatsApp messages are fed into Facebook’s algorithms. Your location data is sold to unknown companies for research or commercial purposes. Almost every moment, information flows from one platform to another, and our control over it continues to diminish.
Nissenbaum (2015) argues that respecting privacy means respecting context. The way companies collect and use data should align with the context in which users provide it. For example, if I provide my location to a mapping app so it can navigate for me, that is one thing; but if that app sells my location data to advertisers so they can show me coffee shop ads when I’m near a Starbucks, that is an entirely different matter. In short, the information itself is the same, but the context is entirely different. We do not object to providing our information, but we strongly oppose its use in contexts for which we have not given our consent.
So What Do We Do?
At this point, you may be hoping, just as I am, for some direct and effective solutions—such as privacy protection initiatives or calls for more robust legislation. Stricter privacy regulations would help. Greater transparency from platforms would help. Better digital literacy education would also help. However, I believe the most fundamental and realistic change is this: we need to change our very perception of privacy itself.
For a long time, we have viewed privacy as a personal responsibility, protecting it by carefully choosing what to share and adjusting our settings. But this mindset allows platforms to shirk their responsibility. It makes it seem as though the flow and leakage of information on these platforms are our fault—that we simply haven’t been careful enough.
In fact, we cannot “opt out” of a system designed to collect data. We cannot opt out of an environment where every interaction is monitored and tracked. You cannot refuse to agree to thousands of words of terms of service. There is no real choice between “accepting” and “leaving,” because leaving means losing contact with your community, customers, and audience (Chen & Cheung, 2018, p. 288).
The platforms themselves won’t solve this problem, because they are the biggest beneficiaries of the current system. But perhaps we can start by refusing to accept this framework. The next time you see a creepy targeted ad, don’t just shrug it off—get angry. The next time a platform misjudges your content, don’t just let it slide—file a complaint. Privacy in the digital age isn’t about keeping secrets; it’s about maintaining boundaries. We must not let our overreliance on these platforms lull us into accepting their rules.
If we don’t start demanding that platforms respect these boundaries, we’ll remain hypocritical. And they’ll continue to set rules we never agreed to.
Reference list:
BBC News. (2010). Google settles Buzz lawsuit with privacy fund. https://www.bbc.com/news/technology-11682964
Chen, Z. T., & Cheung, M. (2018). Privacy perception and protection on Chinese social media: A case study of WeChat. Ethics and information technology, 20(4), 279-289.
Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831-852.
Wikipedia. (n.d.). Privacy. In Wikipedia. Viewed on March 18, 2026, from http://en.wikipedia.org/wiki/Privacy
Suzor, Nicolas P. 2019. ‘Who Makes the Rules?’. In Lawless: the secret rules that govern our lives. Cambridge, UK: Cambridge University Press. pp. 10-24
Be the first to comment