THE COSTS AND BENEFITS OF PRIVACY

The standard economic analysis of privacy looks at its costs and benefits to different parties in a transaction, and their resulting incentives. Generally, consumers want pro­ducers to know which products and services they are interested in - to reduce their own search costs - and producers have an incentive to provide this information.

Producers might also use wish to use knowledge of other consumer characteristics to charge higher prices - for example, a health insurer who wishes to charge more to smokers. While a smoker has an incentive to hide this information, a non-smoker has an incentive to reveal it and receive a lower price. The seller is therefore likely to structure the transaction so that the information is disclosed, such as through a discounted price for non-smokers (ibid.).

The growth of e-commerce has made it much easier for sellers to customize their offers, including price, to each buyer based on their revealed characteristics and behav­ior (Odlyzko, 2003). However, buyers are still able to use technical tools (such as cookie blockers) to conceal previous interactions from sellers and reduce the potential for price discrimination. Sellers therefore need to provide buyers with an incentive to reveal their identities - especially those with a higher willingness to pay. This explains the profusion of ‘enhanced’ services to regular customers, such as site personalization (including rec­ommendations and saved addresses and payment information) and discount vouchers (common in loyalty clubs) (Acquisti and Varian, 2005).

Curtis R. Taylor (2004) demonstrated that when individuals are aware that details of purchasing behavior at one firm may be sold to other companies, affecting offered prices, this will undermine the market for customer information and increase the price elasticity of demand at the first firm.

Individuals can suffer tangible and intangible indirect costs if their personal data is misused. They may suffer from identity fraud, which can be damaging to their future ability to get credit as well as often taking significant time and expense to put right. If they are notified of data loss, individuals have to expend cognitive resources assessing risk and deciding on a course of action, as well as worrying about negative outcomes. Individuals may also feel shame at having private details of their lives exposed, and suffer stigma and discrimination as a result (Romanosky and Acquisti, 2009).

Organizations that lose personal data are likely to receive significant negative publicity and may be fined by regulators or lose future sales (ibid.) - although security breaches do not appear to have a long-run impact on companies’ market value (Acquisti et al., 2006). In a survey of businesses across five industrialized countries, the Ponemon Institute (2010, pp. 3-7) estimated the average cost of a data breach incident to be $3.44 million, taking into account costs of detection and escalation, customer notification, incident response, and lost business.

As well as incurring costs if data is misused, consumers can also suffer from invasive unsolicited advertising communications. Varian (1997) characterized protection from junk letters, phone calls and e-mail as the ‘right not to be annoyed’. Varian et al. (2004)

The economics of privacy, data protection and surveillance 249 used US Federal Trade Commission (FTC) figures to suggest that even at 10 cents of annoyance per telemarketing call, US residents were suffering $3.6 billion per year of annoyance before the FTC introduced its ‘do-not-call’ opt-in list.

Many online services are provided free to consumers and financed through advertising revenues. Ads are commonly customized using ‘behavioral targeting’ systems that profile users based on their search and browsing history, in the latter case using ‘third-party cookies’ from advertising companies stored in their web browser software.

Behavioral targeting can increase the (extremely small) likelihood that consumers will click on ads, and hence ad revenues, but is unpopular with users; one representative survey found that 66 percent of adult Americans did not want to receive tailored ads, and 73-86 percent rejected common tracking practices (Turow et al., 2009). This has led to an arms race where browser companies introduce new features to restrict tracking (such as Apple and Mozilla’s default blocking of third-party cookies in their browsers) while advertising companies develop new technologies to track users (such as Flash and Silverlight cookies and device fingerprinting) (Hoofnagle et al., 2012). Tucker (2012) suggests that a better strategy is to give users more control over the use of their personal data in ad targeting, which in a natural experiment was found to double the likelihood of users clicking on targeted ads.

Law enforcement and intelligence agencies are intensive users of surveillance technolo­gies and data gathered by third parties, especially as the technologies to perform such sur­veillance become ever cheaper (Brown and Korff, 2004). Much online interaction takes place in social ‘spaces’ such as mailing lists and social media; Danezis and Wittneben (2006) showed that low levels of surveillance can reveal information about large numbers of members of such spaces - in the network of political activists they studied, surveillance of the best-connected 8 percent of the network revealed the full network information. Even limited revelation of user ‘friend lists’ in social networks allows the approxima­tion of degree and centrality of nodes, computation of small dominating sets and short paths between users, and detection of community structure (Bonneau et al., 2009). Also, personal characteristics can be revealed in many cases through these networks, due to homophily between family members, friends and colleagues (Xu et al., 2008).

While these results are also relevant to private sector actors, government surveillance is principally controlled through legal rather than economic mechanisms, and so is not considered further here.

12.2.1 Social Welfare Considerations

Whether or not certain individuals have a preference for privacy, what are the social impacts of controls on the flow of personal information? Posner (1981, p. 406) equated privacy to ‘fraud in “selling” oneself’, since there is evidence that ‘people are rational even in non-market transactions such as marriage’ and ‘even in regard to such apparently

emotional factors as race and sex’. Since disclosure of personal data increases the infor­mation available in the market, Posner argues that by definition this will increase the effi­ciency of resource allocation and hence maximize wealth. Training a healthy employee, for example, is a better investment for an employer; health privacy rules stop this dis­crimination. Preventing the revelation of individual ill health reduces the incentives for investment in increased productivity (Hermalin and Katz, 2006). Posner acknowledges the discriminatory impact increased information flows may have on individuals, but sug­gests that privacy merely shifts inequalities from one small group to another.

Hermalin and Katz (2006) describe three reasons why a more transparent society of better-informed parties transacting with each other is not necessarily wealth maximizing. First, privacy protection can enable insurance products - such as against catastrophic illness - that would be impossible if insurers could require purchasers to provide informa­tion, such as test results, that can at least partially predict the insured outcome. Welfare is increased by privacy rules that prevent socially wasteful testing and reduce the average risk borne by risk-averse individuals. Second, markets may not be able to adjust effi­ciently to additional information in the presence of price rigidities. Third, efficiency gains due to the availability of full information do not necessarily imply gains from partial information.

Non-economists have also criticized Posner’s approach as utilitarian, ignoring other key social values, particularly equality, which are incommensurate with and cannot be traded against efficiency (Dworkin, 1980; Gandy, 2010). In most legal systems privacy is a fundamental right, and underpins other fundamental rights such as freedom of expres­sion and association. There is an extremely broad legal and philosophy literature on this subject - some good starting points are Westin (1967), Solove (2008), Nissenbaum (2010) and Korff and Brown (2010).

12.3