A new study conducted by Monash University has found many Australian’s fear their data is being mis-used online, but don’t know how or why.
This gap, being described as ‘fractured awareness’, is leaving millions feeling anxious, confused, and unable to act.
Lead author and software engineering researcher Dr Omar Haggag, from Monash’s Faculty of Information Technology, said the survey of 239 Australians found most believe their personal data is being misused online, but fewer than one in five understand how this actually happens, revealing a widespread “privacy knowledge crisis”.
“Many Australians have a strong sense that their privacy is being compromised, but they don’t have the tools or knowledge to explain what’s happening,” he said.
“This creates fractured awareness, where people feel uneasy and distrustful, but also powerless to act because the systems are too complex or opaque.”
Haggag said the findings come at “a critical time” while Australia reviews its Privacy Act and faces increasing concerns over data misuse by global technology platforms.
The study identifies three types of users: those who trust too much, those who have given up, and a small minority actively trying to protect themselves.
Participants were surveyed on themes including knowledge of privacy laws, understanding of online tracking and consent mechanisms, perceptions of how personal data is accessed, and trust in government, technology companies and employers handling private data.
The survey results showed that more than 50 per cent of participants lacked a clear understanding of online tracking and consent, including whether privacy policies protect companies or users.
Older respondents were more likely to lack awareness of technical aspects of digital privacy, while younger participants expressed higher suspicion of microphone listening and device tracking. More than 60 per cent of lower income participants reported they were ‘resigned’ and had given up on controlling their data.
The research also found widespread misconceptions about how privacy protections work. More than two-thirds of participants incorrectly believed that privacy policies prevent companies from sharing their data, while many assumed explicit consent is always required before tracking occurs.
These misunderstandings contribute to what the researchers describe as an ‘illusion of protection’, where the presence of privacy settings, policies and legal frameworks gives users a false sense of security.
Study co-author and human-centric software engineering expert Professor John Grundy said the findings point to a deeper, systemic issue in how digital privacy is designed and communicated.
“Current systems often assume users are informed and able to make meaningful choices, but our research shows this assumption does not hold,” Professor Grundy said.
“When privacy tools and consent mechanisms are confusing or misleading, they don’t empower users, they can actually reinforce misunderstanding and erode trust.”
