The Washington Post reports that a recent poll conducted shows that 3 out of 5 Americans are unable or unwilling to use an infection-alerting app developed by Google and Apple. About 1 in 6 adults can’t use the app because they don’t own a smartphone—with the lowest ownership levels for those 65 and older. People with smartphones evenly split between those willing versus unwilling to use such an app.

The primary concern among those not willing to use such an app comes from the distrust people have about the ability or willingness of those two tech companies to protect the privacy of their health data. This unwillingness to use such an app, particularly after seeing the impact that the virus is having on the economy, is disturbing to scientists who have said that 60% or more of the public would need to use such an app to be effective.

This distrust of tech companies is nothing new. In November, the Pew Research Center published the results of the survey that showed how Americans feel about online privacy. That study’s preliminary finding was that more than 60% of Americans think it’s impossible to go through daily life without being tracked by tech companies or the government.

To make that finding worse, almost 70% of adults think that tech companies will use their data in ways they are uncomfortable with. Nearly 80% believe that tech companies won’t publicly admit guilt if they are caught misusing people’s data. People don’t feel that data collected about them is secure, and 70% believe data is less secure now than it was five years ago.

Almost 80% of people are concerned about what social media sites and advertisers know about them. Probably the most damning result of the survey is that 80% of Americans feel that they have no control over how data is collected about them.

Almost 97% of respondents to the poll said they have been asked to agree to a company’s privacy policy. But only 9% say they always read the privacy policies, and 36% have never read them. This is not surprising since the legalese included in most privacy policies requires reading comprehension at a college level.

There is no mystery about why people are worried about the collection of personal data. There have been headlines for several years talking about how personal data has been misused. The Facebook/Cambridge Analytica data scandal showed a giant tech company selling personal data that was used to sway voters. The big cellular companies were caught selling customer location data several times, which lets whoever buys it understand where people travel throughout each day. Phone apps of all sorts report back location data, web browsing data, and shopping habits, and nobody seems to be able to tell us where that data is sold. Even the supposed privacy advocate Apple lets contractors listen to Siri recordings.

It’s not a surprise that with the distrust of tech companies, it’s becoming common for politicians to react to privacy breaches. For example, a bill was introduced into the House last year that would authorize the Federal Trade Commission to fine tech companies to as much as 4% of their gross revenues for privacy violations.

California recently enacted a new privacy law with strict requirements on web companies that mimic the regulations used in Europe. Web companies must provide California consumers the ability to opt-out from having their personal information sold to others. Consumers must be given the option to have their data deleted from the site. Consumes must be provided the opportunity to view the data collected about them. Consumers also must be shown the identity of third parties that have purchased their data.

The unwillingness to use the COVID-tracking app is probably the societal signal that the hands-off approach we’ve had for regulating the Internet needs to come to an end. Most hands-off policies were developed twenty years ago when AOL was conquering the business world, and legislators didn’t want to tamp down on a nascent industry. The tech companies are among the biggest and richest companies in the world, and there is no reason not to regulate some of their worst practices. This won’t be an easy genie to put back in the bottle, but we have to try.