A Critical Take on Privacy in a Datafied Society

TL;DR

This paper critically examines the complex factors affecting online privacy, analyzing industry practices, societal impacts, and regulatory approaches, with a focus on the EU's GDPR and emerging AI policies.

Contribution

It offers a nuanced critique of the simplistic narratives around privacy, exploring industry motives, behavioral effects, and the limitations of current regulations like GDPR.

Findings

Industry practices contribute to privacy erosion

GDPR has both strengths and critical flaws

Emerging AI policies pose new privacy challenges

Abstract

Privacy is an increasingly feeble constituent of the present datafied world and apparently the reason for that is clear: powerful actors worked to invade everyone's privacy for commercial and surveillance purposes. The existence of those actors and their agendas is undeniable, but the explanation is overly simplistic and contributed to create a narrative that tends to preserve the status quo. In this essay, I analyze several facets of the lack of online privacy and idiosyncrasies exhibited by privacy advocates, together with characteristics of the industry mostly responsible for the datafication process and why its asserted high effectiveness should be openly inquired. Then I discuss of possible effects of datafication on human behavior, the prevalent market-oriented assumption at the base of online privacy, and some emerging adaptation strategies. In the last part, the regulatory approach to online privacy is considered. The EU's GDPR is praised as the reference case of modern privacy regulations, but the same success hinders critical aspects that also emerged, from the quirks of the institutional decision process, to the flaws of the informed consent principle. A glimpse on the likely problematic future is provided with a discussion on privacy related aspects of EU, UK, and China's proposed generative AI policies.