Privacy Fatigue
You're excited for the weekend as you peruse apparel websites on a Friday afternoon during your lunch break…
For each site you enter, you encounter the website's cookie consent options: "Manage preferences," "Reject all," or "Accept all."
What do you click?
This straightforward decision has a direct impact on how much of your internet behaviour is monitored and how your information is shared.
Over the past ten years, many people's concerns about online privacy have grown, and more individuals are beginning to recognise how exposed they have become while sharing information online.
In the United Kingdom, 97.6% of the population uses the internet as of February 2025. Unfortunately, this widespread internet usage has been accompanied by repeated consumer data breaches.
What is Privacy and Consent Fatigue?
Recent research has found that these repeated data breaches have contributed to people having a sense of futility, ultimately making them complacent when it comes to their online privacy. This is a phenomenon called “privacy fatigue.”
The reality of the privacy fatigue phenomenon is that individuals become exhausted and desensitised to privacy concerns due to the constant barrage of data breaches, consent requests, and complex privacy settings.
Comments among those who expressed feelings of privacy fatigue included:
○ “I get tired of remembering all my different usernames and passwords.”
○ “I keep all my PINs the same as I already have enough different information I have to remember.”
○ “It's too time-consuming to go through additional security measures to access my accounts or get locked out of my account, I have 300 different passwords and only 3 attempts.”
○ “If my data has already been stolen and leaked, why does it matter if I share it elsewhere?”
○ “Realistically, the world knows enough about me already through social media.”
Credit: NIST
One of the most common manifestations of privacy fatigue is consent fatigue. We are all familiar with the cookie consent banners that eagerly pop up on every website we visit. And how these banners, intended to give users control over their data, often have the opposite effect.
Often, it is unclear what these cookies are actually tracking (and how the data is being used). Hidden behind menus and phrasing that most users do not understand, or do not take the time to read.
Both phenomena are privacy issues. It is becoming more apparent that recent legal requirements for consent have led to ‘consent desensitisation,’ which undermines privacy protection and trust in data processing.
What counts as consent?
In 2023, the Information Commission stated that to be valid, consent must be freely given, specific and informed. It must involve some form of unambiguous positive action – for example, ticking a box or clicking a link – and the person must fully understand what they are giving consent to.
But let us ask you this; When was the last time you read a cookie consent banner, including what it has access to?
The recent change in the legal requirements of online consent forces the hand of each user to make an on-the-spot security decision. This contributes to this rise in privacy and consent fatigue.
Visit this link to learn more about cookie consent legislation in the UK.
The Privacy Paradox
The concept of privacy fatigue is also closely linked to yet another paradoxical idea, the “privacy paradox.”
It talks about the discrepancy between our stated intentions and our actual behaviours.
Case Study: Understanding the Privacy Paradox and its effects on social media users
Report: ‘A high level of personalisation on social media platforms increases users’ sense of losing control over personal data.’
In the study, 508 participants answered an online questionnaire designed to reveal levels of privacy fatigue in users, and whether certain personality traits might make someone susceptible to privacy fatigue.
For the study sample, 79% of their respondents were women, and 21% were men. Their respondents were highly educated, with 66% having a bachelor's degree. 99% of the respondents use social media daily, with 45% spending 3 or more hours on social media.
How was Privacy Fatigue defined to participants?
The authors defined privacy fatigue as a novel psychological phenomenon that reflects "users' boredom with online privacy issues and requirements, which leads to a lack of privacy-protective behaviour." Just like general fatigue, privacy fatigue has two main components:
Cynicism, or a general negativity and distrust of privacy protection
Emotional exhaustion, or being "tired" of trying to maintain your privacy
How was the study conducted?
The researchers created a predictive statistical model using machine learning to predict a ‘class outcome.’ In this case, the class outcome was someone's level of privacy fatigue.
The model used responses about social media users' information privacy awareness (IPA) and personality traits to predict whether someone might experience fatigue. The questionnaire was distributed via social media, and the results were analysed using machine learning algorithms.
Results - Does Social Media Cause Privacy Fatigue?
The study revealed that 395 out of the 508 participants had a moderate-to-high level of privacy fatigue, suggesting that social media use is associated with increased levels of both cynicism and emotional exhaustion when it comes to personal data privacy.
They found a significant negative association between conscientiousness and privacy fatigue. In other words, people who described themselves as conscientious were less likely to report symptoms of privacy fatigue. The authors hypothesise that this is because conscientious people are more likely to be careful about their online behaviour. Read the full case study findings here.
What does this mean for your business?
The results of the survey align with our recommendations that any long-term data privacy and security strategy must include an ongoing assessment of information security and data retention programs, along with an incident response plan. This is to help tamp down the very real risks and costs associated with security incidents and data breaches.
The findings also highlight the critical importance of education in addressing the issue of privacy fatigue. When users are well-informed about the risks associated, they are more likely to take proactive steps towards privacy protection.
Remember, your users are the most vulnerable part of your cyber defence strategy, ensuring that they have continuous training around cyber security and data protection can help to keep them safe and more vigilant online. Employees who complete regular training around cyber security and data protection could reduce their risks by as much as 70%.
Another way to maintain your privacy online is to regularly review and update the permissions granted to apps and websites, ensuring that only necessary information is shared. You should also engage in online hygiene practices, such as deleting unused accounts, and regularly clearing cookie cache on a regular basis. In many cases this can be done automatically within date ranges through your web browser.
Additionally, we recommend that all individuals, especially business owners and decision-makers, enhance their data access and sharing policies, ensuring that they abide by PoLP and implement PIM & PAM solutions to manage data access. Lastly, be cautious clicking on unauthorised links and avoid public Wi-Fi networks, this can prevent unauthorised access to personal data.
If you are concerned about privacy fatigue in your employees, contact us directly.
Book a consultation today. Our services can provide you with the tools and support you need.