With so much in the news about the privacy transaction at the moment, it is important to bear in mind that this is really a conversation that should have been taking place ten or fifteen years ago. As this article observes, there is a curious inertia to data subjects, that they continue to share data even with organisations that have already failed to safeguard their privacy. The model of services that are free at the point of delivery but paid for in access to user data is simply so heavily ingrained now, that it is very difficult to change course.

With the sense that there is no alternative, it is hardly any wonder that we see inertia, even in the face of data breaches. It even makes it unlikely that, taken on its own, publication of a risk profile of the data practices of sites or applications would address the problem.

Part of the solution must therefore be to better educate data subjects about the value of their data, in addition to ensuring that they understand what is being collected and how it will be used. The information asymmetry between data subjects and the companies that want their data can only be redressed if individuals are encouraged to think about the value of what they are being asked to share. Then they can make a truly informed decision about whether to expose their data to the risks involved.