Thought experiment: What if you go to a bakery and buy a bread roll for $2.99 and the baker says “you can have it for free if you give me all your family photos and the rights to analyze them using robots and sell your data.”
Most people, I reckon, wouldn’t take that deal. But at the same time if, say, they need some software that performs some simple task, they go online and prefer using some free SaaS thing that, in exchange soaks up their their data instead of being willing to pay even $2.99 per month for a similar service that doens’t.
One could argue that users don’t want to spend money on something that isn’t tangible and perpetual. But while a bread roll is tangible at the time of purchase, it also expires after a while (arguably, earlier than the 2.99/mo subscription service) and isn’t exactly tangible while it provides the service of not being hungry for a while. This also doesn’t explain why people are willing to give up their privacy so easily.
Another reason might be that even if you use a paid service instead of the “free” data-leech, there’s no reason to actually believe that your data is secure. Most terms of service for anything say something like “we may change our terms of service at any time”, so even if you sign up today, believing that it is secure, your privacy might be gone tomorrow. The last, and most shocking version is that users simply don’t read the ToS and are completely oblivious to anything.
I don’t know what else to say about this, but I believe we need some regulations and privacy laws that outlaw any unnecessary data use (or sales) without the explicit written (yes, paper signature) consent of the user that was made while an attorney was present, while also enforcing that all other user-specific data must be end-to-end encrypted using open standards.
The current system we have is insanely libertarian and essentially gives technology companies the rights to do anything they want with user data, exploiting normal everyday user’s inability to comprehend what’s going on.