Photo: Unsplash
How Privacy Became a Luxury Product (And Who That Hurts Most)
An iPhone 15 Pro costs $999. A Motorola Moto G Power costs $229. Both are smartphones, in the same way that a Rolls-Royce and a Hyundai Elantra are both cars. But the difference between them isn’t just screen resolution and processing speed. It’s also privacy.
Apple has built differential privacy, on-device processing for sensitive tasks, App Tracking Transparency, and a general product philosophy oriented around minimizing data collection into its hardware and OS. This is partly altruism and largely competitive differentiation — Apple has made privacy a brand attribute because Google and Meta’s ad-targeting business model makes Apple’s own “we don’t sell your data” position genuinely distinctive. Whatever Apple’s motives, the privacy architecture of an iPhone is meaningfully better than the privacy architecture of an Android phone running carrier-modified software on cheap hardware with a dozen pre-installed apps that cannot be uninstalled and that report location data to advertisers.
The person paying $229 for their phone often can’t afford the $999 alternative. The person who can’t afford the premium phone is the person whose location, purchasing behavior, social graph, and search history gets traded more aggressively. Privacy, in this sense, is a luxury good.
This was not inevitable. It was a choice. The smartphone industry could have standardized on stronger privacy defaults that applied to all price points — there’s no physical or engineering reason that a cheap Android phone must come with data-collection-as-a-service baked into the carrier software. The reason it does is that the device subsidy model in mobile telecommunications has historically depended on the manufacturer making the device cheap by allowing aggressive data collection. The carrier gets the data revenue. The user gets the cheaper phone. The user is not always aware they’ve made this trade.
The phone is just the entry point. The stratification runs through the entire digital experience.
Ad-supported services are free and data-heavy. Paid services are more expensive and, typically, substantially less data-hungry. Gmail is free and scans your email for targeting signals. Fastmail costs $5/month and does not. Spotify Free interrupts you with ads and collects detailed listening behavior for advertisers. Spotify Premium costs $11/month, has no ads, and has a stronger contractual privacy position. YouTube with ads collects viewing data that feeds Google’s advertising engine; YouTube Premium costs $14/month. These are not large amounts of money in absolute terms. They are large amounts of money for people living paycheck to paycheck, which in the United States is approximately 63% of adults.
The result is a systematic pattern: people with lower incomes use the ad-supported versions of services, which are the versions that extract more data. People with higher incomes buy the premium versions, which extract less. The data extracted from lower-income users is then used to model and predict behavior across the broader population — including in ways that can affect access to credit, insurance pricing, and (in legally contested but practiced ways) employment.
This is not new. It’s the pattern of industrialization applied to information.
In Victorian England, the factories and their attendant pollution were built in working-class neighborhoods. Manchester’s industrial districts in the 1840s — which Engels documented in “The Condition of the Working Class in England” (1845) — were characterized by coal smoke, contaminated water, and dense housing without adequate sanitation. The wealthy lived upwind, in suburbs with parks and distance from the factories. The poor lived downwind, breathing the air produced by the industrial system that generated wealth that accrued mostly to the wealthy. The people least able to protect themselves from industrial externalities were the people bearing most of the industrial externalities.
The surveillance economy runs on the same logic. The people with the least political power to demand privacy protection — low-income users without lobbying representation, users in jurisdictions with weak privacy law, users whose employment depends on platform-mediated gig work that requires sharing location and behavioral data — are the people who receive the least protection. The people with the most political power to shape privacy regulation — wealthy users, users in the EU where GDPR gives them strong rights, users who can afford lawyers and VPNs and private email — are the people who bear the least cost from the surveillance system.
GDPR is a genuinely important intervention here, but it has a geography problem. It applies to EU residents, who are protected. It doesn’t apply to users in Kenya, Indonesia, Brazil, or rural Alabama. The global surveillance economy primarily extracts data from populations without GDPR-equivalent protections. This is not an accident in the same way it wasn’t an accident that the factories were built in working-class neighborhoods.
The location data market is a useful specific example. Companies like SafeGraph, Placer.ai, and a dozen others aggregate location data from mobile apps — often through SDK integrations that app developers add for monetization — and sell it to retailers, hedge funds, real estate developers, and (before regulators started paying attention in 2021) government agencies. The users generating this location data did not meaningfully consent to its collection; they tapped “agree” on a 47-page terms of service document they didn’t read.
Who generates the most valuable location data? People who visit stores frequently, commute by public transit through variable routes, and whose physical movement patterns reveal detailed information about their daily lives. Who generates that data? Primarily working-class people who can’t work from home, who rely on public transit or vehicle fleets that track them, who shop at physical retail rather than buying online. The hedge funds buying this data use it to predict retail traffic, informing investment decisions that ultimately affect the companies where these same people work.
It’s a closed loop. The people whose behavioral data is most valuable to extract are often the people most affected by the decisions made using that data. Their data is the input. Their employment and purchasing power is part of the output. They are not compensated for the input. They bear the externalities of the output.
Privacy law, where it exists, is shaped by the people with the most lobbying resources in the jurisdictions with the most political influence. The California Consumer Privacy Act (2018) was the most significant US privacy law passed in the smartphone era. It was weakened substantially before passage, with carve-outs for employment data, for data sold to law enforcement, and for various commercial contexts. The industry lobbying against the original bill spent $45 million. Consumer advocacy groups supporting stronger protections had no comparable resource. CCPA passed in the form that the industry found acceptable.
The people who would have most benefited from a stronger CCPA — low-income Californians whose data is most heavily monetized, gig workers whose location is tracked continuously, people of color who are overrepresented in the datasets used for automated decision-making in lending and insurance — were not represented in the lobbying process in any meaningful way. This is the standard operation of US regulatory politics applied to privacy, and the outcome is predictable.
VPNs are sometimes offered as a solution. They’re not wrong, exactly. A VPN can prevent your ISP from seeing your traffic. It cannot prevent the apps on your phone from reporting your location to their data brokers. It cannot prevent your credit card company from selling your purchase history. It cannot fix the fact that your Android carrier software has permissions to your microphone that you cannot revoke without voiding your phone. And setting up a VPN correctly requires technical knowledge that is not evenly distributed. Privacy tools require privacy sophistication to use correctly, and privacy sophistication is itself correlated with income and education.
The surveillance industry’s standard response to all of this is consent. Users agree to terms of service. The data collection is disclosed. The targeting is disclosed (in the settings menu, nine screens down). This is the moral equivalent of telling a factory worker that the coal smoke is disclosed in their employment contract and they’re free to not work there. Technically true. Descriptively useless.
Real consent requires genuine alternatives and genuine understanding of what’s being agreed to. A user who needs a smartphone to function in a modern economy and can only afford a $229 Android phone has no genuine alternative when the $229 phone comes with aggressive data collection. A user who cannot read the terms of service — because they’re in legally precise English, twenty thousand words long, designed to be not read — has not meaningfully consented to what the terms describe.
The people making these arguments about consent — tech company lawyers, academic economists who model “preference satisfaction” in advertising markets — are overwhelmingly not the people bearing the costs of the surveillance they’re defending. This is worth stating plainly. The people arguing that surveillance capitalism is fine are not the people whose credit scores are affected by their spending behavior models, whose employment prospects are shaped by social media signals sold to background check companies, whose insurance premiums are affected by data broker profiles they can’t see or contest.
The privacy-as-luxury-product dynamic will not self-correct. Markets that charge for privacy by default provide privacy to those who can pay. The intervention that changes this is regulation — strong, technically literate, globally coordinated privacy law that doesn’t have carve-outs for everything the industry finds inconvenient. The GDPR is the closest thing that exists. Its scope needs to be substantially broader, and its equivalent needs to exist outside Europe. Neither of those things is likely in the near term, which means the stratification continues.
What would actually help? Privacy-as-a-default regulation rather than privacy-as-an-option regulation. GDPR’s opt-in consent model is meaningful but companies have become sophisticated at consent fatigue — overwhelming users with cookie banners until they click “accept all” just to make them go away. Stronger regulation would require that privacy-protective defaults apply regardless of user consent, specifically in high-risk categories: precise location, health data, financial behavior, social graph. You would need to explicitly opt in to sharing these, and the opt-in interface would need to be as prominent as the data collection itself.
The people most affected by surveillance capitalism are also the most underrepresented in the policy process that would produce this regulation. This is the circular trap. Breaking the trap requires either that advocacy organizations with resources make privacy a cross-class issue — which some are trying to do — or that a sufficiently visible harm catalyzes political attention. The latter tends to require a specific, named victim with a sympathetic story. The harms of surveillance capitalism are diffuse, statistical, and mostly invisible to the people experiencing them. Which is, of course, by design.
One email a month: the upcoming live event + free recording access for subscribers. No spam, unsubscribe anytime.


