The saying goes: ask for forgiveness, not permission.
But when it comes to Facebook there's a common line of defense in response to persistent concerns over how it handles user data: We did it with permission.
After the New York Times reported Facebook gave tech companies like Amazon, Microsoft, and Netflix special access to user data, including the ability to see private messages, the social media company answered "none of these partnerships or features gave companies access to information without people's permission."
The problem, experts say, is that many users don't realize they are giving permission at all.
"While it is true that some data sharing would have been expected by consumers, much of what was described in the reporting would not reasonably have been expected," said Brian Wieser, senior research analyst covering Facebook at Pivotal Research Group, in a note published Wednesday.
A 2017 Deloitte survey of 2,000 U.S. consumers found 91 percent of respondents willingly accept legal terms and conditions without reading them before installing apps, registering Wi-Fi hotspots, accepting updates and signing into online services such as video streaming. That percentage increased to 97 percent among 18 to 34-year-olds.
ZUCKERBERG: Senator, I do not.
JOHNSON: Would you imagine it's a very small percentage?
ZUCKERBERG: Senator, who read the whole thing? I would imagine that probably most people do not read the whole thing. But everyone has the opportunity to and consents to it.
One of the problems for both users and companies like Facebook is defining consent in the first place.
Michael Veale, a researcher in the science, technology, engineering and public policy of University College London, told CNBC Thursday consent in the U.S. is often based on a one-time approval of a company's terms and conditions. But he said the U.S. is moving in the direction of more European-style regulation.