Skip to content
Accepting cookies
15 September 2022

Caring about privacy but accepting cookies? Questioning the privacy paradox.

Have you ever asked yourself why you agree to privacy agreements like cookies on a website way faster and consider them less online than offline? This phenomenon is called the privacy paradox, but is it really so paradoxical or are there eventually reasonable explanations for our online behaviour?

What is the privacy paradox?

The privacy paradox is understood as a concept attempting to reconcile consumer behaviour with privacy concerns (Martin, 2019, p. 67). In short, it can be defined as follows: “People’s concerns toward privacy are unrelated to their privacy behaviours. Even though users have substantial concerns with regard to their online privacy , they engage in self-disclosing behaviours that do not adequately reflect their concerns” (Dienlin, Trepte 2014).

Living in an information society

Information and Communication Technologies (ICTs) “are radically transforming devices because they engineer environments that the user is enabled to enter through gateways, experiencing a form of initiation” (Floridi, 2010, p. 5, Ch. 1). ICTs are changing our world as much as they are creating new realities. The distinction between the analogue offline and the digital online is quickly becoming blurred. “This recent phenomenon is variously known as ‘Ubiquitous Computing’ , ‘Ambient Intelligence’, ‘The Internet of Things’, or ‘Web augmented things’ (Floridi, 2010, p. 8, Ch. 1). Floridi (2010) calls this the information society, in which we are depending on ICTs because they have become a part of our reality.

How cognitive barriers influence our privacy behaviour

In the information society, we have to make privacy decisions in a limited amount of time, which companies use to their advantage. Cranor (2012) estimates for example “that it would take a user an average of 244 hours per year to read the privacy policies of every website she visits, or 54 billion hours per year for every United States consumer to read every privacy policy she encountered (McDonald & Cranor, 2008)” (Waldman, 2020).

Research has identified plenty of cognitive and behavioural barriers to rational privacy and disclosure decision making (Acquisti, Brandimarte, & Loewenstein, 2015; Camerer, 1998). One of the most pervasive cognitive biases is for example hyperbolic discounting (Waldman, 2020). The tendency to overweight immediate consequences of a decision and to underweight the ones that will occur in the future makes rational disclosure decisions difficult for the consumer. On top of the disclosure often carry certain immediate benefits like access. “But the risks of disclosure are usually felt much later. As such, our tendency to overvalue current rewards while inadequately discounting the cost of future risks makes us more willing to share now” (Waldman, 2020). The decision making process in general, as well as privacy decisions, is thus affected by incomplete information and bounded rationality (Acquisti & Grossklags, 2005). Additionally, we do not have access to all necessary information in order to make a fully informed judgement about the trade-offs involved (Kokolakis, 2017, p. 130).

An alternative approach

Kristen Martin found in her study that “consumers may be consistent in stating privacy concerns and expectations in surveys, while also retaining those concerns and expectations after engaging with a website” (2019, p. 72). She and other scholars push to overthink the privacy paradox assumption, that all privacy claims disappear after disclosure (Dienlin & Trepte, 2014; Martin, 2019; Solove, 2021). This assumption is problematic for clear responsibilities over the consumer’s data.

Privacy as a Core Value

When we say that privacy is a core value, it means that privacy needs to be protected all the time, and that firms should be held accountable for what happens with the consumers’ data after the disclosure. Martin says that “scholars who make normative claims about privacy have been arguing for privacy as a core value, which is necessary for individual autonomy and development, to foster intimacy and relationships, and for societies to flourish” (2019). Core values are not negotiable, they are positive goals we seek to attain and require in our communities (Donaldson & Walsh, 2015; Martin, 2019). Martin points out, a positive obligation to identify and respect privacy expectations from consumers is essential to business ethics (Martin, 2018; Shue, 2020).  

Where to go from here?

Evidence suggests that individuals care about their privacy even after information disclosure. The human cognitive bias in the online environment, together with the missing information for a fully informed decision, makes the decision-making processes difficult and explains the gap between the users’ privacy preferences and the disclosure behaviour. It raises the question whether the privacy paradox is really one. The privacy paradox has furthermore problematic implications for responsibilities over the consumers’ data. It places the primary responsibility for personal data on consumers, which means that companies bear little to no responsibility. An alternative approach could be seeing privacy as a core value, which would give firms a positive obligation to identify and respect privacy expectations.

Johanna Klix

Former student assistant: Knowledge & Society

Sign up for HIIG's Monthly Digest

and receive our latest blog articles.

Further articles

The picture shows multiple hands holding each other, symbolising the integration of gender and inclusivity into digital cultural policies.

Integrating gender and inclusivity in digital cultural policies: insights from Berlin and Barcelona

Could Berlin and Barcelona's integrative approach to digitalisation serve as a blueprint for a new European cultural policy in the digital age?

The picture shows colourful puzzle pieces, symbolising that AI for environmental protection is one part of many to protect our planet.

One small part of many – AI for environmental protection

What role does AI play in applications for environmental protection? This blog post takes a look at six German projects that use AI for this purpose.

The photo shows a hand holding a digital map on a smartphone, symbolising GIS technology and Geodata.

Navigating the Urban Maze: GIS technology and the blurring boundaries between digital and physical infrastructure

The progression of GIS technology and Geodata questions if digital maps should be regarded as physical public infrastructure.