Data breaches and data misuse are frequent occurrences in today’s
digital society and often spark debate over who should hold responsibility. While many hold
the platforms responsible when confronted with violations of data privacy, some users shift
the blame inward for trusting the platforms and posting on them. While a large body of
research has dedicated itself to issues of data privacy, discourses of individual
responsibility and the internalization of user self-blame have received less attention. This
study explores how users respond to unknown use of their personal data through the case of
CrystalKnows, a personality detection algorithm that generated profiles about individuals
using unknown data sources, often without the user’s knowledge. Founded in 2015,
CrystalKnows claims to have the world’s largest personality database, providing and selling
algorithmically generated user profiles, often without the express consent of these
individuals. Interviews were conducted with individuals whose profiles appeared on the
platform (N=37) to reveal users’ reactions and rationalizations of the data collected about
them. Rationales of self-blame vary but commonly center issues of ambiguity concerning
digital consent and the algorithm itself. Ultimately, these contribute to feelings of
resignation often paired with the unrealistic alternative of total platform non-use. We
argue that these complex discourses of self-blame, independence/choice, and
resignation/non-use as the only options are intertwined with data privacy reform efforts.
Understanding the sources of self-blame and how deep it runs is an important step to
interrogating and refuting some of these assumptions, if broader reforms hope to garner
support and implementation.