Only 9% of adults read privacy policies before agreeing, yet reading all policies encountered in a year would take 76 full work days, making informed consent a legal fiction for 91% of internet users

Privacy policies serve as the primary legal mechanism for obtaining user consent to data collection, yet Pew Research Center found that only 9% of adults read them before clicking 'I agree.' Carnegie Mellon University researchers calculated that reading every privacy policy an average internet user encounters in a year would require 76 full work days (approximately 244 hours). Users spend an average of 73 seconds on privacy policies, but proper comprehension requires approximately 30 minutes per policy. The majority of policies are written at the reading level of the U.S. Constitution, making them inaccessible to most adults. Why it matters: the entire legal foundation of data privacy consent is built on the assumption that users read and understand privacy policies, so when 91% of users do not read them, consent becomes a legal fiction, so companies can include sweeping data collection and sharing provisions knowing users will never see them, so regulators and courts treat 'click-through consent' as legally binding even when comprehension is effectively impossible, so the power asymmetry between companies that draft policies and users who must accept them to use essential services makes privacy a privilege of the legally sophisticated rather than a universal right. The structural root cause is that privacy regulation relies on a notice-and-consent framework designed for a pre-digital era when consumers interacted with a handful of companies, not the hundreds of digital services modern life requires, and no regulatory body has mandated standardized, machine-readable privacy labels analogous to nutrition facts labels despite decades of academic proposals.