“You have zero privacy … Get over it,” Scott McNealy, then CEO of Sun Microsystems, declared in 1999.

What might have sounded like a bold claim at the turn of the millennium has turned into a self-fulfilling prophecy in today’s era of big data and artificial intelligence.

Computer algorithms – step-by-step instructions – can connect the digital breadcrumbs of your existence, including Google searches, browsing histories, social media posts, credit card records and GPS locations to paint an astonishingly accurate picture of your preferences, routines and inner mental life.

These profiles often describe people better than their closest friends and family might. Yours may even tell you something you don’t know about yourself.

And as McNealy said nearly three decades ago, many people seem to have given up on the idea of ever reclaiming their privacy. When was the last time you carefully read the terms and conditions of the products you’re using?

Why do so many people do so little to protect their privacy online? I’m a computational social scientist with a background in psychology and computer science and author of “Mindmasters: The Data-Driven Science of Predicting and Changing Human Behavior.”

In talking to my students as a business professor at Columbia University and giving public talks around the world over the past decade, I have come to realize that people often substitute the question of whether they care about their privacy with two simpler and misleading ones: Is sharing my data worth it? And am I worried about my data being out there?

These questions act as mental shortcuts. They seem reasonable, but can mask your true feelings and lead you to decisions that don’t serve your long-term interests.

The ‘it’s worth it’ fallacy

When I ask people whether they care about their online privacy, they often respond by listing the benefits they get from sharing their personal data: Google Maps navigation, Netflix recommendations, Uber rides.

These are fantastic perks, no doubt. But that’s answering a different question: Is sharing my personal data worth it?

Swapping these questions seems like a reasonable approach on the surface. People often assess value by how much it would hurt to give something up. For instance, I know that drinking five cups of coffee a day might not be great for my health, but I enjoy it too much to stop. Similarly, sharing personal data brings benefits you may be unwilling to give up.

But this substitution is problematic.

First, the upside of sharing data is typically obvious and immediate: If I share my GPS location, Google maps can tell me how to get from A to B. But the downside of sharing data is often far more nebulous and abstract. My GPS location, for example, can also reveal to anyone who collects or buys the data whether I might be at risk of depression. With the carrot in plain sight, and the stick hidden away, that’s hardly a fair battle.

Second, people’s attention naturally gravitates toward the few instances where data sharing benefits them. But those instances are the exception, not the rule. Much of your data is collected and used without any direct benefit to you at all.

Finally, even if the benefits were to outweigh the risks in a particular instance, that doesn’t mean you don’t care about privacy. Ideally, wouldn’t you prefer to enjoy these services while also maintaining a high level of privacy?

The ‘I have nothing to hide’ fallacy

A second common response is I don’t care because I have nothing to hide. This idea has been carefully nurtured by Big Tech: If you’re uncomfortable sharing your data, something must be wrong with you.

But that’s not true. Privacy isn’t about covering wrongdoing. It’s about maintaining control over your personal information and deciding how it is used.

You might not be worried about your data today, but that sense of safety can be fragile. Take history: In 1933, Germany was a democracy. In 1934, it wasn’t. Personal data, such as religious affiliation, included in the census, played a major role in enabling persecution during the Holocaust. Now imagine such regimes having access to today’s digital footprints.

That scenario may feel distant, but the principle is not. The 2022 overturning of Roe v. Wade – which had guaranteed a constitutional right to abortion for five decades – made privacy suddenly relevant for millions of American women, whose search histories, app usage and location data could suddenly be used against them.

No matter how safe you feel today, you cannot predict how your data will be used tomorrow.

Asking the right questions isn’t enough

Understanding the true value of privacy, and realizing that you care about protecting it more than you might have thought, is a necessary precursor to action. But personal motivation isn’t enough.

Managing your personal data in today’s world is time-consuming. It’s too much for even a very efficient and diligent person to read and decipher the legalese of all the terms and conditions they sign off on.

For the intention-action gap to close, the burden to protect privacy needs to shift away from individuals and toward systemic solutions. That means designing policies and technologies where the safe choice is the easy one, and where maintaining privacy doesn’t automatically mean giving up on convenience and better service. Privacy-by-design standards could include more restrictive default settings. Connected computers could process information without exchanging raw data by using decentralized networks such as federated learning. New forms of collective data governance such as data trusts could also help serve that function.

Because data is permanent but leadership is not, I believe that the real solution isn’t to expect people to outmaneuver the system that exploits them but to build one that is worthy of their trust.

This article is part of a series on data privacy that explores who collects your data, what and how they collect, who sells and buys your data, what they all do with it and what you can do about it.

Sandra Matz does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.