Who Balances Privacy?

It’s unclear why the New York Times’ Editorial Board thinks the EU’s GDPR is “leading the way” if they are concerned about the “legal fiction of consent”:

The average person would have to spend 76 working days reading all of the digital privacy policies they agree to in the span of a year. Reading Amazon’s terms and conditions alone out loud takes approximately nine hours.

Why would anyone read the terms of service when they don’t feel as though they have a choice in the first place? It’s not as though a user can call up Mark Zuckerberg and negotiate his or her own privacy policy. The “I agree” button should have long ago been renamed “Meh, whatever.”

How Silicon Valley Puts the ‘Con’ in Consent

GDPR does not fix this problem. The whole premise of GDPR is that consumers should be able to balance their privacy concerns if they only understood and controlled their own data: “Natural persons should have control of their own personal data.

But look, data is really complicated. That’s sort of the entire point of big data. Meanwhile the public seems outraged on the one hand that there is not enough disclosure (“users are not able to fully understand the extent of the processing operations carried out by Google”), and on the other hand that there is too much disclosure (“we discovered that privacy policies have greatly increased in length over the past 10 years”).

Here’s the bottom line: no one wants to read privacy policies. And unless it becomes comically simple, users will not balance their own privacy interests. Solve for the equilibrium.