Privacy is complicated and no one wants to deal

From the RSA security conference this year comes a new survey on consumer attitudes towards privacy. And it’s not really surprising:

According to survey findings from research released at the RSA Conference 2019 on Tuesday, data privacy is a top concern for most people; out of 4,000 participants queried from January 14 to February 15, a vast majority (96 percent) of said that they care about their privacy (including most Millennials at more than 93 percent); and 93 percent said they use security software.

RSAC 2019: Most Consumers Say ‘No’ to Cumbersome Data Privacy Practices

So they asked people if they cared about privacy and got 96% agreement. Yep, almost all of us really like privacy.

But of course there’s more:

However, users did not follow through with some of the more difficult and cumbersome best practices for data privacy. For instance, only 32 percent said that they read privacy policies and End User License Agreements (EULAs) (and 66 percent say they simply skim through or do not read EULA or other consent forms at all).

No surprise either. And of course a lot of people reuse passwords and don’t bother to check permissions. Because that stuff is a hassle.

I say again: the fundamental premise of GDPR and most other privacy legislation (including California’s upcoming Consumer Privacy Act) is wrong. Legislators think that if you only tell users how their data is being collected and used, then they will strike the right privacy balance for themselves. But apart from a few privacy activists, they won’t.

Better to start carving off the low hanging privacy fruit. While we’re all concerned that companies might not be telling us exactly how they are using our data, some companies are out in the open (or at least in the EULA) selling our location data to the grey market. How’s that for a simple rule? Don’t sell user location data. Start there.