We’ve all heard the saying: “if you’re not paying for the product, you are the product.” The underlying assumption of this phrase is that if we were paying for the product or service, then we wouldn’t need to ‘pay’ for it with our data.
But what if you could pay for privacy instead: Would you? Should you have to?
Pay-for-privacy models are characterised by users having the option to either pay a monetary fee to opt-out of data collection, or use the service at a discounted (or free) rate by ‘agreeing’ to data collection terms. This raises some pretty significant questions around how we perceive privacy and the value we place on it. It also forces us to grapple with the relationship between privacy, privilege and power.
The idea of putting a price on privacy is not new, but is once again rearing its head as technology companies and organisations face growing pressure to take privacy seriously. People are increasingly aware of, and dissatisfied with, data-hungry and privacy-invasive platforms. Alongside this, the looming threat of increased regulation, and other steps to reign in AdTech which could diminish the ability to fuel targeted advertising revenue models, mean that many companies are being forced to consider alternative revenue streams. For example, in July of this year, Twitter announced it was considering a subscription model to mitigate their advertising losses. In 2018, Facebook COO that any ability for their users to completely opt out of tracking and data profiling would be a paid offering.
It’s also currently a topic of heated debate in California as , a ballot initiative which, if passed, would amend California’s Consumer Privacy Act. One of the issues that has raised complaint from privacy advocates is that it would entrench the ability for businesses to charge users more if they opt-out of sharing their information, effectively allowing for pay-for-privacy models.
As an alternative to the more traditional ‘pay-for-privacy’ models, California’s Prop. 24 also introduces an alarming concept of consumers being reimbursed for the use of their data. This means that rather than individuals ‘paying’ for privacy, they would be paid for their privacy invasion. This concept is problematic in several ways. Not only does it further cement the commodification of data, it also does nothing to reduce the harm caused by excessive and intrusive data collection, and the myriad ways that data can be used, manipulated and shared. Rather than minimising privacy harm, it justifies it – as long as some miniscule part of the profit is shared with consumers.
Privacy and privilege
Before we even think about putting a dollar sign on privacy, we should consider the extent to which privacy already has a privilege issue.
For example, those experiencing financial or social disadvantage are often required to share much more of their personal information than others in order to receive services and support. The devices and software you can afford also dictate the standard of privacy and security you can enjoy from day to day. It is well known that an iPhone has extra privacy and security features, but they also are 2-3 times the price of an android device. Not everyone is able to pay for an email service rather than defaulting to a free gmail account. Lack of access to your own stable internet connection means you’re more likely to forfeit your browsing anonymity and online security by joining an open wifi network.
Making the decision not to use well known platforms that collect, use and share your information often comes at a price. But the price is not always monetary— your choice to disconnect from Facebook out of concern for your privacy may also come at a ‘cost’ that is much less than that of someone else who depends on that platform to connect with community they may otherwise lose access to, such as fellow LGBTQ+ people, or family members from their home country.
Even the very nature of being tech and privacy literate comes from a position of privilege: to have the tools, support, knowledge, and ability to protect yourself online is an immense advantage in and of itself, before we even start to talk about putting a monetary value on privacy.
Indeed, the experience of privacy is different for Black and Indigenous communities and People of Colour, who have historically (and continue to be) subject to disproportionate surveillance. This is often overlooked when wealthy white people lament the ‘modern’ erosion of privacy. As highlighted by activist and abolitionist, Mariame Kaba: “these violations span centuries for Black people, and are one reason for a racial disconnect in discussions about privacy and civil liberties. Black people have always been under the gaze of the state.”
It is clear that privacy already has to face up to its privilege. It’s not much of a leap to see how putting a price on privacy would serve to exacerbate inequality and create a classist privacy divide. Requiring people to pay for privacy would turn it into a luxury only available to those who are able (and willing) to pay for it.
So how much is privacy “worth”?
The value we place on privacy depends on how we think about it. As a notoriously difficult-to-define concept, privacy means different things to different people. It also evolves over time, between cultures, and across age groups.
From a company’s point of view, the value of any one individual’s data is fairly minimal. The actual value lies in the inferences that are able to be drawn about people’s interactions, and the meaning that is able to be extracted from access to millions of data points. It’s very much a case of the whole being greater than the sum of its parts (thanks Aristotle!). While it’s unlikely that Facebook and Google care too strongly about your data in isolation, they are very interested in the value of your data once it is combined with data about everyone else.
The reality is, humans are worth more than their data, and privacy is worth more than the arbitrary monetary value we assign it.
In Western societies, we overwhelmingly treat privacy as an individualistic issue. The idea of privacy is so wrapped up notions of my data or information about me, that we equate the value of privacy to what it means to us as individuals.
It’s this individualistic conceptualisation of privacy that spawned the adage “nothing to hide, nothing to fear”. Because if the value of privacy is purely personal, then if you don’t care about it, what does it matter if yours is invaded? But the problem is, it’s not actually only about you.
Instead, we need to consider the value of privacy as a collective. And once we look at it in this light, the idea of putting a price on privacy is revealed to be at best, overly simplistic, and at worst, actively harmful.
Shoshana Zuboff, author of The Age of Surveillance Capitalism, calls out the fundamental misconception that privacy is only an individual concern or value: “We have imagined that we can choose our degree of privacy with an individual calculation in which a bit of personal information is traded for valued services — a reasonable quid pro quo.” Similarly, Daniel Solove argues that “the value of privacy cannot be determined empirically by examining individual valuations of privacy.”
Unlike a product, privacy has social value beyond the price tag associated with your data under a system of surveillance capitalism. Beyond its inherent value as a human right, privacy also holds immense worth in its role in upholding other rights and freedoms. It’s difficult to enjoy freedom of speech or association if you don’t have privacy as a prerequisite. Privacy Commissioner of New Zealand, John Edwards, made the point in 2019 that This concept has even reached those who aren’t self-confessed privacy nerds, with Waleed Aly writing on how privacy (or the lack thereof) is a problem for a society more so than the individual:
This raises another important point: even if some people did opt to pay to protect their own privacy, it would do very little to protect the collective notion of privacy. The impact of mass data collection and pervasive surveillance would remain unchanged, even if the dataset excluded the data of the select few who would fork out to safeguard their own data.
What can be done?
First, we need to challenge the way we think about privacy and how we value it. This means reframing privacy from something purely individualistic, to a collective public good. We also need to resist the urge to think of data as capital (or, ‘the new oil’). Treating data like capital, or personal information like a tradable good, strengthens the problematic relationship between data and power. Each of us is more than merely a series of data points.
Second, we need to re-think the scope of privacy law. Too much of how we protect privacy is through legislation that is narrowly focused on the definition of “personal information,” which often acts as a gatekeeper to privacy protections. Further, rather than focusing on solely protecting data, we ought to be reframing it to protect people. With an eye toward harm-reduction, privacy law could be, as Marietje Schaake and Martin Tisne propose,
Much of the privacy discourse has not fully accounted for the growing power asymmetries between organisations and companies that collect data, and those who create it. While there are some changes on the horizon, our privacy framework in Australia still does not reflect the reality in which people are forced to make privacy-related decisions when dealing with systems they don’t always understand, while the system has learnt, by way of ingesting their data, how to manipulate their preferences. Adding the option to pay for privacy within this dynamic will only exacerbate the power discrepancy and deepen inequalities.
Third, we need to disrupt surveillance capitalism. This means denying the narrative that pervasive (and invasive) surveillance is a technological necessity. Privacy professionals, civil society groups and governments must push back against the idea that if we want technology and services that they must come with privacy invasion as byproduct. As Shoshana Zuboff notes in The Age of Surveillance Capitalism, mass collection of data is done not because it is necessary, but because it is profitable. Surveillance capitalism is an ideology, not a technological necessity. Adding a price tag to privacy would further strengthen surveillance capitalism’s grasp.
Finally, we need to absolutely deny the prospect of people paying for privacy. Putting a price on privacy stands to transform it into a luxury that only those with money can enjoy. The onus of respecting privacy should be on companies and organisations, not hand-balled over to individuals who may or may not be able to afford it. Beyond this, allowing a handful of people to pay for their privacy, or worse, ‘reimbursing’ people for the use of their data while doing nothing to address the underlying issues that cause harm, only creates an illusion of change. It is a red herring that tricks us into thinking that privacy is being respected or valued — all the while the data-hungry machines continue to work quietly in the background.
Photograph © Shutterstock