CONCLUSION

Whether or not personal information is the ‘new oil’ of the information economy, the use of that information by economic actors is a central focus of Internet economists and regulators.

Behavioral economics research is improving the understanding of cognitive biases that can lead to non-optimal privacy decisions by individuals. Bounded rationality, time-inconsistent preferences, optimism bias and context-dependence have all been dem­onstrated to apply to information disclosure decisions. This is one, ‘paternalistic’, justifi­cation for regulation of the kind described by Thaler and Sunstein (2008). A second is the reduction of market failure resulting from information asymmetries, negative externali­ties, and market concentration. The third is non-economic, considering privacy as a vital underpinning of democracy, individual autonomy, and human rights including freedom of expression and association. These factors have all contributed to increased levels of privacy regulation worldwide, with many countries strongly influenced by the European Union’s comprehensive system of data protection rules.

NOTE

* This research was supported by the EU FP7 EINS project under grant agreement No. 288021.

REFERENCES

Acquisti, A. (2002), ‘Protecting privacy with economics: Economic incentives for preventive technologies in ubiquitous computing environments’, in Proceedings from the Workshop on Socially-informed Design of Privacy-enhancing Solutions, 4th International Conference on Ubiquitous Computing, accessed 3 April 2016 at http://www.academia.edu/2830436/Protecting_privacy_with_economics_Economic_incentives_for_ preventive_technologies_in_ubiquitous_computing_environments.

Acquisti, A. (2004), ‘Privacy in electronic commerce and the economics of immediate gratification’, in Proceedings from EC’04: The Fifth ACM Conference on Electronic Commerce, New York: ACM Press, pp. 21-9, accessed 3 April 2016 at http://www.heinz.cmu.edu/~acquisti/papers/privacy-gratification.pdf.

Acquisti, A. and J. Grossklags (2003), ‘Losses, gains, and hyperbolic discounting: An experimental approach to information security attitudes and behavior’, in Proceedings of the Second Annual Workshop on the Economics of Information Security (WEIS’03), accessed 3 April 2016 at http://www.heinz.cmu.edu/~acquisti/papers/ acquisti_grossklags_eis_refs.pdf..

Acquisti, A. and J. Grossklags (2005), ‘Privacy and rationality in individual decision making’, IEEE Security & Privacy, 3 (1), 26-33.

Acquisti, A. and H.R. Varian (2005), ‘Conditioning prices on purchase history’, Marketing Science, 24 (3), 367-81.

Acquisti, A., A. Friedman and R. Telang (2006), ‘Is there a cost to privacy breaches? An event study’, in Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS’06), accessed 3 April 2016 at http://www.heinz.cmu.edu/~acquisti/papers/acquisti-friedman-telang-privacy-breaches.pdf.

Bonneau, J. and S. Preibusch (2009), ‘The privacy jungle: On the market for data protection in social networks’, in Proceedings of the Eighth Workshop on the Economics of Information Security (WEIS’08), accessed 3 April 2016 at http://preibusch.de/publications/Bonneau_Preibusch_________ Privacy_Jungle__ 2009-05-26.pdf

Bonneau, J., J. Anderson, R. Anderson and F. Stajano (2009), ‘Eight friends are enough: Social graph approxi­mation via public listings’, in Proceedings from SNS’09: The Second ACM EuroSys Workshop on Social Network Systems, accessed 3 April 2016 at https://www.cl.cam.ac.uk/~rja14/Papers/8_friends_paper.pdf.

Bouckaert, J. and H. Degryse (2006), ‘Opt in versus opt out: A free-entry analysis of privacy policies’, in Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS’06), accessed 23 August 2015 at http://www.econstor.eu/handle/10419/25876.

Brown, I. and D. Korff (2004), Technology Development and its Effect on Privacy and Law Enforcement, Wilmslow, UK: Information Commissioner’s Office.

Brown, I. and C.T. Marsden (2008), ‘Social utilities, dominance and interoperability: A modest proposal’, presentation at GikIII: Geek Law Workshop, accessed 3 April 2016 at http://www2.law.ed.ac.uk/ahrc/gikii/ docs3/brown_marsden.pdf.

Calo, M.R. (2013), ‘The disclosure crisis’, Concurring Opinions, 2 March, accessed 3 April 2016 at http://www. concurringopinions.com/archives/2013/03/the-disclosure-crisis.html.

Campbell, J., A. Goldfarb and C. Tucker (2011), ‘Privacy regulation and market structure’, Working Paper, accessed 3 April 2016 at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1729405.

Cave, J., N. Robinson and R. Schindler et al. (2011), Does It Help or Hinder?: Promotion of Innovation on the Internet and Citizens’ Rights to Privacy, Brussels: European Parliament Policy Department.

Coase, R. (1960), ‘The problem of social cost’, Journal of Law and Economics, 3, 1-44.

Danezis, G. and B. Wittneben (2006), ‘The economics of mass surveillance and the questionable value of anonymous communications’, in Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS’06), accessed 3 April 2016 at http://freehaven.net/anonbib/cache/danezis:weis2006.pdf.

Debatin, B., J.P. Lovejoy, A.K. Horn and B.N. Hughes (2009), ‘Facebook and online privacy: Attitudes, behav­iors, and unintended consequences’, Journal of Computer-Mediated Communication, 15 (1), 83-108.

Dworkin, R. (1980), ‘Is wealth a value?’ Journal of Legal Studies, 9 (2), 191-226.

Edelman, B. (2006), ‘Adverse selection in online “trust” certifications’, in Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS’06), accessed 3 April 2016 at http://www.benedelman.org/ publications/advsel-trust-draft.pdf.

Edwards, L. and I. Brown (2009), ‘Data control and social networking: Irreconcilable ideas?’, in A.

European Commission (2012), ‘Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)’, COM(2012)0011.

European Communities (2000), ‘Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy prin­ciples and related frequently asked questions issued by the US Department of Commerce’, Official Journal of the European Communities, L 215, 43, 7-47.

Gandy, O. (2010), ‘Engaging rational discrimination: Exploring reasons for placing regulatory constraints on decision support systems’, Ethics and Information Technology, 12 (1), 29-42.

Goldfarb, A. and C. Tucker (2011), ‘Privacy regulation and online advertising’, Management Science, 57 (1), 57-71.

Greenleaf, G. (2013), ‘Global data privacy in a networked world’, in I. Brown (ed.), Research Handbook on Governance of the Internet, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, pp. 221-59.

Greenstadt, R. and M.D. Smith (2005), ‘Protecting personal information: Obstacles and directions’, in Proceedings of the Fourth Annual Workshop on the Economics of Information Security (WEIS^,05), accessed 3 April 2016 at http://infosecon.net/workshop/pdf/48.pdf.

Grossklags, J. and A. Acquisti (2007), ‘When 25 cents is too much: An experiment on willingness-to-sell & willingness-to-protect personal information’, in Proceedings of the Sixth Workshop on the Economics of Information Security (WEIS’07), accessed 3 April 2016 at http://weis07.infosecon.net/papers/66.pdf.

Hermalin, B. and M. Katz (2006), ‘Privacy, property rights and efficiency: The economics of privacy as secrecy’, Quantitative Marketing Economics, 4 (3), 209-39.

Hoofnagle, C., J. Urban and S. Li (2012), ‘Privacy and modern advertising: Most US internet users want “do not track” to stop collection of data about their online activities’, Amsterdam Privacy Conference Papers, accessed 26 July 2014 at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2152135.

Jentzsch, N. (2010), ‘A welfare analysis of secondary use of personal data’, in Proceedings of the Ninth Workshop on the Economics of Information Security (WEIS’10), accessed 3 April 2016 at http://weis2010. econinfosec.org/papers/session2/weis2010_jentzsch.pdf.

John, L., A. Acquisti and G. Loewenstein (2011), ‘Strangers on a plane: Context-dependent willingness to divulge sensitive information’, Journal of Consumer Research, 37 (5), 858-73.

Kolstad, C.D., T.S. Ulen and G.V Johnson (1990), ‘Ex post liability for harm vs. ex ante safety regulation: Substitutes or complements?’, The American Economic Review, 80 (4), 888-901.

Korff, D. and I. Brown (2010), New Challenges to Data Protection, Brussels: European Commission DG Justice.

Livingstone, S., K. Olafsson and E. Staksrud (2011), ‘Social networking, age and privacy’, LSE Online, accessed 3 April 2016 at http://eprints.lse.ac.uk/35849/.

Moskowitz, Y. and G. Taylor (2012), ‘A theoretical model of externalities in anonymity decisions’, unpublished working paper, Oxford Internet Institute.

Nagaraja, S. (2008), ‘The economics of covert community detection and hiding’, in Proceedings of the Seventh Workshop on the Economics of Information Security (WEIS’08), accessed 3 April 2016 at http://weis2008. econinfosec.org/papers/Nagaraja.pdf.

Nissenbaum, H. (2010), Privacy in Context: Technology, Policy, and the Integrity of Social Life, Stanford, CA: Stanford University Press.

Noam, E. (1996), ‘Markets in privacy’, paper presented at the Second Aspen Summit on the Future of the Information Society, Washington, DC: Progress and Freedom Foundation.

Odlyzko, A. (2003), ‘Privacy, economics, and price discrimination on the Internet’, in Proceedings from ICEC’03: The Fifth International Conference on Electronic Commerce, New York: ACM Press, pp.

Palfrey, J. and U. Gasser (2008), Born Digital: Understanding the First Generation of Digital Natives, New York: Basic Books.

Ponemon Institute (2010), Five Countries: Cost of Data Breach, accessed 3 April 2016 at http://www.symantec. com/content/en/us/about/media/pdfs/symantec_cost_of_data_breach_global_2010.pdf.

Posner, R. (1981), ‘The economics of privacy’, American Economic Review, 71 (2), 405-9.

Preibusch, S. and J. Bonneau (2012), ‘The privacy landscape: product differentiation on data collection’, in Proceedings of the Tenth Annual Workshop on the Economics of Information Security (WEIS’11), accessed 3 April 2016 at http://preibusch.de/publications/Preibusch-Bonneau_________________________________________________ privacy-landscape.pdf.

Romanosky, S. and A. Acquisti (2009), ‘Privacy costs and personal data protection: Economic and legal perspectives’, Berkeley Technology Law Journal, 24 (3), 1061-101.

Romanosky, S., R. Telang and A. Acquisti (2011), ‘Do data breach disclosure laws reduce identity theft?’, Journal of Policy Analysis and Management, 30 (2), 256-86.

Rubinstein, I.S. (2011), ‘Regulating privacy by design’, Berkeley Technology Law Journal, 26 (3), 1409-56.

Samuelson Law, Technology and Public Policy Clinic (2007), ‘Security breach notification laws: Views from chief security officers’, accessed 3 April 2016 at http://www.law.berkeley.edu/files/cso_study.pdf.

Solove, D. (2008), Understanding Privacy, Cambridge, MA: Harvard University Press.

Spiekermann, S., J. Grossklags and B. Berendt (2001), ‘E-privacy in 2nd generation e-commerce: Privacy preferences versus actual behavior’, in Proceedings from EC’01: The Third ACM Conference on Electronic Commerce, New York: ACM Press, pp. 38-47.

Synovate (2007), Federal Trade Commission: 2006 Identity Theft Survey Report, accessed 3 April 2016 at http:// www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf.

Tang, Z., Y. Hu and M.D. Smith (2005), ‘Protecting online privacy: Self-regulation, mandatory standards, or caveat emptor’, in Proceedings of the Fourth Annual Workshop on the Economics of Information Security (WEIS’05), accessed 3 April 2016 at http://infosecon.net/workshop/pdf/31.pdf.

Taylor, C.R. (2004), ‘Consumer privacy and the market for customer information’, The RAND Journal of Economics, 35 (4), 631-50.

Thaler, R. and C. Sunstein (2008), Nudge: Improving Decisions about Health, Wealth, and Happiness, New Haven, CT: Yale University Press.

Tsai, J., S. Egelman, L.F. Cranor and A. Acquisti (2011), ‘The effect of online privacy information on purchas­ing behavior: An experimental study’, Information Systems Research, 22 (2), 254-68.

Tucker, C.E. (2012), ‘The economics of advertising and privacy’, International Journal of Industrial Organization, 30 (3), 326-9.

Turow, J., J. King, C.J. Hoofnagle, A. Bleakley and M. Hennessy (2009), Americans Reject Tailored Advertising and Three Activities that Enable It, Technical Report, Annenberg School for Communications, accessed 26 July 2014 at https://www.nytimes.com/packages/pdf/business/20090929-Tailored_Advertising.pdf.

Varian, H.R. (1997), ‘Economic aspects of personal privacy’, in National Telecommunications and Information Administration (ed.), Privacy and Self-Regulation in the Information Age, Washington, DC: US Department of Commerce.

Varian, H.R., F. Wallenberg and G. Woroch (2004), ‘Who signed up for the do-not-call list?’, in Proceedings of the Third Annual Workshop on the Economics of Information Security (WEIS^,04), accessed 26 July 2014 at http://www.dtc.umn.edu/weis2004/varian.pdf.

Vila, T., R. Greenstadt and D. Molnar (2003), ‘Why we can’t be bothered to read privacy policies: Models of privacy economics as a lemons market’, in Proceedings from ICEC’03: The Fifth International Conference on Electronic Commerce, New York: ACM Press, pp. 403-7.

Westin, A.F. (1967), Privacy and Freedom, New York: Atheneum.

World Economic Forum (2011), Personal Data: The Emergence of a New Asset Class, accessed 26 July 2014 at http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf.

Xu, W., X. Zhou and L. Li (2008), ‘Inferring privacy information via social relations’, in Proceedings from ICDEW^,08: IEEE Data Engineering Workshop, Piscataway, NJ: IEEE, pp. 525-30.

13.