Can we balancing the power imbalance?

Do you ever have experience signing up for a platform, like a social media platform?

You must be asked to fill out a form and giving away your personal information to create an account and can surf through social media platforms.

Have you ever thought about what will happen to your data? Can you take control of personal information that is being shared and used by the platforms?

As digital advances, it becomes a big part on our life. 67.9% of global population are internet users, with an average daily time spent on the internet of 6 hours 38 minutes by internet users aged 16+.

As we surf through the internet and move from one social media platform to another online marketplace website and to another video streaming platform, we might share our personal information without really knowing how it is being used. In fact, our privacy might be violated as platforms collect and use our personal information without making sure we understand it. There is a power imbalance between us as the users and platforms in protecting our data and safeguarding our privacy in the digital space. If we want to engage with the digital space, we have no option but to give away our personal information to the platforms.

What is privacy?

Before going deeper into privacy, the online activity that might increase the risks of our privacy being violated, and how to protect it, let us define what privacy is.

An old writing in the Harvard Law Review, privacy refers to ‘the right to be left alone’. This right should protect our physical security, liberty of conscience, control over personal space, and avoid discrimination on the basis of one’s medical condition, sexual orientation, disability, and freedom from arbitrary intrusion.

Now, as we become more connected through digital networks, the right of privacy was also extended to include the safeguard of personal information and interaction with others. However, the way our data is being collected and used is more beneficial to the platforms rather than us as the users.

Why platforms track and record your data?

Our personal information is being collected and stored by certain platforms. They collect a wide range of data, from the ones that we give on when we sign ourselves up (like name and date of birth) to our interests, beliefs, and location. When we finally get into the platforms and use the service, information regarding our interaction with other users and with content on the platforms are also collected, the ones that we might prefer to keep private. Then, the saved information will be used for various purposes, such as:

• Algorithmic curation

Algorithms might improve user experience in using platforms’ services because it exposes users to content that matches their preferences. However, to be able to do that, platforms need to monitor the user behaviours and record them. Then, the collected information will be used to determine and predict content that might interest users so it can hold users’ attention for a long time. The longer and more users stay on the platforms, the more benefits for the platforms.

• Targeting advertising

Platforms are often used as a space for advertisements as they generate revenue from third-party advertisers. The stored information can be used for micro-targeting advertisements. Platforms will predict the advertisement content and the targeted audience who has the high likelihood of being interested in the advertisement and make an act of purchase. Then it will reached the target market which will help them achieve their marketing goal.

• Influencing political results

There is also concern on how information on digital platforms will be used to  influence political discourses, including its results. Our data is valuable to be used for politicians to target their campaign.

• Price discrimination

Later as the technology keeps developing, information that is being collected over time on platforms can also be used for determining prices for each customer. It could lead to the risk of price discrimination as each person will be offered a different price based on the machine predictions of their behavior.  

The Facebook-Cambridge Analytica: From do something fun to privacy violation

Let’s take a look at one of the big cases related to privacy. The case of Facebook-Cambridge Analytica data scandal in 2018 shows us how we don’t know much about how our data is being used and have no power over it as well. Personal data from millions of Facebook users were collected through a quiz called “thisisyourdigitallife”. After being collected, it was used by Cambridge Analytica, a political consultancy to do voter-targeting for Trump’s presidential campaigns without informed consent. People who engaged with the game might be unaware of how their data is being used, or they might be aware that it might be used by third parties for their own benefits but they continue doing it as it will give them entertainment.

Privacy is not a new issue, but it is getting worse

Because of those risks and potential risks of the way our personal information is being used, there is a rising concern regarding privacy issues. Privacy is not a new issue. It has been an issue since years ago. It started from focusing on the protection of someone’s body and house. Then, it is expanded to managing personal information.

With rapid technological development, the economic value of user data is shifting the ethical boundaries and disrupting the user privacy, because it builds more motivation for the platforms to use users’ data. In addition, the development in technology also improves the efficiency of data analysis processes. These things increase the complexities of the issue and raise public concern. The Pew Research Center in 2018 found that 54% of its survey respondents were concerned that computers and technology are being used to invade people’s privacy. Meanwhile, 91% of respondents thought that we cannot control how our data is being used (Flew, 2021).

“We will protect your data, but…”

Yes, privacy is concerning, so platforms make several efforts related to their data privacy policies.

• Tools to manage and delete data

Social media platforms try to provide various tools to manage and delete data. X (Twitter) users are allowed to customize their privacy settings and download their data.  Meta also provides similar things, tools for its users to view, manage, download, and delete their information. However, these kinds of tools often limit user experiences.

• End-to-end encryption

It is quite common for platforms that provide private messaging services to use end-to-end encryption as the digital safeguard on online interactions. It encrypts the content in the conversation between users and ensures that it remains private. In WhatsApp messenger, you probably notice this statement which indicates that the conversation will remain private.

However, per May 2026, Meta announced that they will remove end-to-end encryption for private messages in Instagram due to criticism from child safety groups. While the concern regarding child safety on the platform is valid, the way it is being addressed is rising another concern regarding privacy in the platform. Removal of end-to-end encryption means that Meta is able to access the content in private message rooms and the content can also potentially be used for advertising and AI training. We, as the Instagram users, have no option or say on this platform policy changes. The only way we do not want our conversation under surveillance is to stop using the private message feature, which is nearly impossible if we remain Instagram users. It shows further proof that we, as the user, do not have enough power in bargaining with the platforms and protecting our privacy.

• Terms of service

Terms of service is contractual documents that contain transactions between users and platforms (Suzor, 2019). It often shows up when new users sign up to any website or platforms. It gives an illusion that platforms give space for users to be informedly consent to give their information and being used by the platforms. However, who do you think reads the terms of services? Even if there are some people who actually read terms of services (even though I believe it is so rare), who do you think can easily understand them? It is packaged in legal terms, full of words and phrases that is uncommon in daily use. The terms of services is not built for the benefit of users in order to make them fully informed about how their data is being used. Instead, it is built to safeguard the platforms’ commercial interest and protect their legal interests.   

Moreover, there is no space for users to question or complain or challenge the terms. It clearly shows the power imbalance in the relationship between platforms and users. If there is one clause that users do not really agree on sharing their data, users have no option other than being unable to use the platforms’ services. It was “all-or-nothing” options for the users. If the users want to use services from the platforms, they need to accept all of the rules are set by the platforms. Furthermore, platforms can also change the terms without prior notice. With this system, how can users be fully informed with the way their personal information is being used?

Balancing the imbalance

One of the ways to balance the power imbalance is government regulations. Data privacy policies should put users’ control over their personal information as the central element. Users, as the central element, should have more bargaining power in knowing what types of information is being collected, why it is collected, and how it will be used. Moreover, users should have the power to delete their information from the platforms with minimum consequences. Therefore, transparency and ability to manage are two important variables in giving more power to users.

Take a look at one of the most comprehensive and strictest data protection laws, which is European Union’s General Data Protection Regulation (GDPR). It mandates social media platforms to ensure users give their informed consent when platforms collect their data. It ensures users have the right to understand the data processing on the platforms and request the removal of their data when necessary. It also enforces platforms for the transparency about how the user information is collected and processed. Those things show that GDPR is designed to address the power imbalance and giving more power to the users.

In terms of implementation, GDPR forces positive improvement in data minimization where platforms request fewer permissions to calendar and contacts. However, even though it was designed to empower users, the implementation is not as smooth as planned. Regarding deleting data completely, there is also a technical constraint and the need to keep some data for legal claims purposes. In terms of transparency, the GDPR also does not require platforms to actively notify users for every change in its policy. Despite, the flaws in its implementation, the design of GDPR is already on the right track in terms of the efforts in protecting users’ privacy.

Chapter finale

As digital advances and the increase of people’s presence online, the value of our information is also increasing. Platforms gain more motivation to collect and utilise users’ data. It leads to complications in protecting our privacy. There is a power imbalance between users and platforms as the platforms have more significant bargaining power with their provided services, and users do not have a choice but to give away their data as a requirement to use the services. We do not have power to protect our own private information. To address this issue, regulation plays a big role to give more power to users, balancing the power imbalance between platforms and users. By designing a regulation which puts users as the central element, it is a good start to empower users in safeguarding privacy. The final question is: do the regulators want to protect privacy of the public?