To hear some in industry and government tell it, the answer to our modern privacy dilemma is simple: give users more control.  There is seemingly no privacy-relevant arena, from social media to big data to biometrics that cannot be remedied with a heaping dose of personal control. Facebook founder and CEO Mark Zuckerberg said “What people want isn’t complete privacy. It isn’t that they want secrecy. It’s that they want control over what they share and what they don’t.”[1] Microsoft CEO Satya Nadella summarized his company’s focus on user control by stating, “Microsoft experiences will be unique as they will…keep a user in control of their privacy”, adding that the company will “[a]dvocate laws and legal processes that keep people in control.”[2] Google asserts that it “builds simple, powerful privacy and security tools that keep your information safe and put you in control of it.”[3]

Privacy regulators love the concept of control, too. The Federal Trade Commission, one of the chief privacy enforcers in the US, adopted it as a regulatory beacon.[4] “Consent”—one form of effectuating control—is the centerpiece of the European Union’s entire General Data Protection Regulation.  It legitimizes all kinds of personal data practices.[5] A few foundational privacy theories hold that the essence of privacy is control over personal information. Privacy scholar Alan Westin defined privacy as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”