If you ventured down the rabbit hole of Cyber Monday sales earlier this week, chances are you were too busy keeping an eagle-eye out for free shipping or great deals to notice any text that might have flashed across the screen concerning the use your personal data.

Bargain-induced blindness is not an unheard of phenomenon—but placing too much faith in the average person's engagement, understanding or even awareness of opting in or out of certain data handling processes could be knocking the balance between consumer and business interests somewhat off kilter.

“There are lots of people in the U.S., as we start thinking about a national law, who think that there need to be some ground rules set for companies that are not dependent on a customer agreeing or not agreeing,” said Kirk Nahra, a partner specializing in privacy and information security at Wiley Rein.

Many of the laws surrounding privacy in the U.S. require companies to inform consumers about how their personal data will be used, the rationale being that the average person can then decide how they wish to proceed.

Rules that hinge on a consumer's ability to “opt in” or “opt out” of a specific data use are kind of like voting—that voice doesn't matter much if they don't show up to the polls. Nahra pointed to U.S. financial services laws that provide banks with ample flexibility as long as they provide consumers with the chance to opt out.

“Most consumers don't opt out so that means the bank can do whatever they want. A law written a different way that says the bank can only do A, B and C unless the consumer opts in would dramatically alter the balance there,” Nahra said.

How much people are actually engaging, or care about their privacy in general, is open to debate. The results of a 2018 global consumer trust report released by the Mobile Ecosystem Forum, a global trade body seeking to advance a sustainable mobile ecosystem, might indicate that attitudes are beginning to shift further in the direction of awareness.

According to the report, 68 percent of respondents think that it's important to know how their personal data is being used and 97 percent believe that they have legal rights around their personal data—but do not have clarity on what those rights constitute. Insights were compiled from smartphone users surveyed from 10 different markets around the world.

Jordan Louise Fischer, a co-founder managing partner at XPAN Law Group, thinks people in the United States generally place a greater emphasis on how data is being secured rather than privacy or all of the information that they give away for free.

“In Europe that's very different. They are very aware of their privacy rights; they're more privacy-oriented period. There's a huge cultural difference in that,” Fischer said.

Privacy is even listed in the second title of the European Union's Charter of Fundamental Rights, and that seriousness is reflected in the body's General Data Protection Regulation (GDPR), which Nahra characterized as taking an altered approach to balancing consumer and business interests.

“GDPR puts some controls on companies whether the consumer has any idea of what's going on or not, and then on top of that creates some ability for consumer control,” Nahra said.

A similar cultural shift in the U.S. could take a lot longer, but the seeds could already be there. Senator Ron Wyden recently released a draft of a Consumer Protection Act that among other things would institute a Do Not Track list that would prohibit companies from sharing the data of the included consumers or using it to present targeted advertising.

Rebecca Rakoski, Fischer's co-founder and a managing partner at XPAN, isn't sure that pieces of legislation like that would have been introduced five years ago.

“I think that's why you're seeing the federal government at least try and do something here, because there is a sense that people at least want to start to protect certain information,” Rakoski said.