Comments for Putting a price on privacy – an Introduction to the Economics of Privacy

Buying new clothes, looking for recipes, talking with friends or even looking for the opening hours of the local cinema has never been easier and quicker than now, allowing complete freedom, and yet our privacy is permanently threatened. The rapid growth of the Internet due, notably, to the widespread diffusion of connected devices made us forget about a fundamental right: privacy. Unconsciously, everyone is giving away loads of personal data to companies, that will sooner or later use them to make profit, and people have to protect from that. This is where appears the concept of Willingness to pay and Willingness to accept.

Even if I value all of my personal data, I have to accept the fact that being on the internet means giving a part my privacy to companies. That’s the way it is, and everyone that goes online has to be aware of that. With the rise of free access and free apps, privacy is more and more in danger. Of course, some regulations exist to protect internet users’ privacy, but everything that is put on the internet won’t never be fully erased, neither protected. The last document leak of “Panama papers” can support my thinking. Thereby, that’s why I will always have doubts about WTP facilities. The balance between WTP and WTA has to be done personally between two costs: cost of privacy lost for WTA and monetary cost for WTP, but costs will always remain. Like Forbes said: “When the service is free, the user is the product” (1)

It is important to notice that even if I consider every personal data as important, some are more than other. I wouldn’t be against sharing “superficial” personal data as my age, way of living… with a WTA, but I set a limit to what I’m ready to share. I would say that the real problem is not really the privacy (personal data) that you give away when navigating, but it is the way it can have returns on you. If a company looks at the videos I watch to suggest me others, I don’t mind. But if it spies at my messages to use them against me after, it is then more serious. I would pay to keep private information safe, like my account data, identity or whatever might put me in danger by sharing. It is then clear that my privacy preferences vary from a transaction to another.

I would conclude by saying that everyone going on the internet is facing personal data stealing, but it is a personal decision to take whether to protect more or not your information as everyone has a different valuation of its private data.

(1) http://www.forbes.com/sites/danielnewman/2014/08/20/there-is-no-privacy-on-the-internet-of-things/#7bd761016b4e

In their seminal Book, Viktor Mayer-Schönberger and Kenneth Cukier laud the vast benefits of Big Data. Self-driving cars, fighting diseases, automating jobs, the possibilities are endless. No wonder Big Data has become one of the business world’s most widespread buzzwords. With the emergence of Big Data comes a significant transformation: users’ personal data is becoming an increasingly important economic input.

This transformation has caught the attention of regulators and privacy advocates. Indeed, there is an underlying fear that “personal data” transactions – whereby consumers exchange personal data for services – might sometimes harm consumers or society as a whole. In more economic terms, there are two potential problems. First, do some personal data transactions reduce consumer surplus? This is the case if consumers’ net utility from a transaction is negative. Second – if the answer to the first question is yes – do these transactions reduce social welfare? This is the case if the gains to the firm are smaller than the loss of utility to the consumers [1]. Note that for either of these problems to occur, consumers must necessarily be irrational [2], misinformed, coerced, or there must be guile on the part of the company that receives the information [3]. Otherwise they would simply not partake in such transactions.

In order to deal with these questions, authorities/economists will have to resolve a number of complex issues. One such issue is the expectations of users (this is very close to what Mrs. Scholz refers to as contextual effects). Because “personal data” transactions are non-monetary, it is difficult for authorities to identify the value that users attach to their personal information. When they attempt to do so, I would argue that is important for authorities not to overlook an important fact: the potential negative utility that consumers suffer from exchanging personal information depends on the subsequent use of the information by its recipient.

Consumers must thus form expectations about the way in which their private data will be used in order to place a value on it [4]. For example, I might be willing to let Facebook know that I go to bars on weeknights if it only sells this information to advertisers. It would be much more costly for me if Facebook suddenly decided to sell this information to my current or potential employers (and I would thus ask for a more significant counterparty in order to part with the information). Another example concerns the individualization of information [5]. Take my Google Search record. If I expect that this information will only published in aggregate form – such as Google Trends [6] – I suffer little negative utility from giving it away. On the other hand, Google could allow other people to view my search history. In this second case, I could be directly identified and I would suffer a much higher negative utility from giving the information away.

Given the impact of expectations on the value that consumers attach to their personal data, one would expect companies to go to some lengths in order to commit to using users’ information in specific ways [7]. This turns out to be the case in practice. Facebook has an incredibly detailed Data Policy [8]. The policy notably outlines what type of data Facebook collects and, more importantly, how it may use this data. For example, Facebook’s terms specifically state that when private information is shared with advertisers, the user is not “personally identifiable”. Likewise, Google commits to ask for users’ consent before it shares “personally identifiable” data with third parties [9].

An objection is that most users probably never read these terms of service. Accordingly, one might argue that these terms cannot possibly affect their behavior. This seems shortsighted to me. By making commitments regarding the use of personal information, online platforms avoid severe backlash from media outlets and privacy advocates [10]. If left unchecked, this backlash could have an important impact on consumers’ cost/benefit analyses and firms’ bottom line.

Another objection is that firms adopt these policies to appease regulators rather than attract consumers. I would counter that, regardless of regulation, firms have an interest in making commitments as far as their use of personal information is concerned. This helps them to obtain the information in the first place. To cite but one example, Facebook spontaneously increased the protection of WhatsApp messages, presumably in order to retain more users [11].

To summarize, I agree that we should always think of the value of personal information in a given context. When we say things like “users are willing to give away their home address and phone number for X euros”, we should always consider the expected use of this information by its recipient.

[1] This is just another spin on the age old debate between consumer surplus and social welfare. In that regard, Kaldor and Hicks argued forcefully that the later objective should be favored because it leads to potential-Pareto improvements. In other words, the welfare gains are always big enough to compensate the losers through lump sum transfers and potentially leave no one worse off. See Nicholas Kaldor, Welfare propositions of economics and interpersonal comparisons of utility, THE ECONOMIC JOURNAL (1939). See also John R Hicks, The foundations of welfare economics, THE ECONOMIC JOURNAL (1939).

[2] See notably Alessandro Acquisti, Nudging privacy: The behavioral economics of personal information, DIGITAL ENLIGHTENMENT YEARBOOK 2012 (2012).

[3] In which case the issue would be akin to the contractual hold-up problem identified by Williamson. See Oliver E Williamson, Transaction-cost economics: the governance of contractual relations, 22 THE JOURNAL OF LAW & ECONOMICS (1979).

[4] A number of authors have argued that taking context and expectations into account is essential in order to deal with privacy issues. See notably HELEN NISSENBAUM, PRIVACY IN CONTEXT: TECHNOLOGY, POLICY, AND THE INTEGRITY OF SOCIAL LIFE (Stanford University Press. 2009).

[5] The notion of individualized information was notably addressed in the Jentsz et al. study. The authors draw a distinction between private/public information and personal/aggregate information. See Nicola Jentzsch, Sören Preibusch & Andreas Harasser, Study on monetising privacy: An economic model for pricing personal information, ENISA PUBLICATION (2012).

[6] See https://www.google.com/trends/.

[7] This is especially true because many firms in data-heavy industries are multi-sided platforms whose competitiveness hinges on attracting as many consumers as possible in order to sell their eyeballs to advertisers.

[8] https://www.facebook.com/about/privacy/.

[9] See https://www.google.com/policies/privacy/#infouse. These terms notably state that: “We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.”

[10] Media outlets routinely comment on updates to platforms’ privacy policies. See, for example, http://www.cnet.com/news/facebook-gets-down-to-privacy-basics-for-simplicitys-sake/.

[11] See notably http://www.huffingtonpost.co.uk/gary-newe/whatsapp-privacy_b_9700432.html.

Clearly, I don’t like the idea that companies look for my personal data and then sell them to a third party. I feel like I got robbed because they sell something that is mine. Though, I have to admit that sometimes when I make research on Internet, targeted advertising helps me to find what I need more quickly so one can say that it can help to reduce the searching costs. The willingness to share our data depends on the type of data and on whom we give them to, like mentioned in the text. But another reason is in which way the ‘receiver’ will handle these data and for which goal. For example, in the UK, “consumers revealed that they would give out personal information online if it could help the government better plan and deliver services, or prevent and detect crime, fraud or terrorism.”(1) So, if it is for the greater good, people don’t hesitate to release their data. Of course, people will share more easily their personal information to brands/institutions they trust (2).
Then, I would say that we can’t really know if those benefits outweigh the costs of sharing personal information. It depends on people and on their way they value their data. It also depends on what they get in return. Nowadays, companies invent more and more offers in order to convince consumers to disclose their personal information. So the answer to this question is not obvious.
.
https://home.kpmg.com/xx/en/home/insights/2015/09/motivating-customers-share-personal-data-fs.html (1)
https://www8.gsb.columbia.edu/newsroom/newsn/3850/study-shows-that-consumers-are-willing-to-share-personal-data-if-the-benefits-and-brand-are-right (2)

I think that people do value their private information and most of them are afraid to display them over the Internet.
As the first article said, it appears as an obvious thing to say that consumers do not like they surfing habits to be monitored.
But it also pointed out that consumer could actually benefit from sharing personal information, such as their browsing or purchasing history, with online service providers.
The principles of behaviour-based price discrimination and targeted information that are set up thanks to the consumer’s private information might benefit him.
In this article, we saw how difficult it is to value private information and that in order to try to do it; we should rely on several concepts.

I observe differences in my privacy preferences when I look at the issue either from a WTP perspective or a WTA perspective but it is also highly related to the kind of information.
For example, I don’t value as much my browsing history as information related to my identity or security (social networking password, banking information,etc..) .
Regarding my browsing history, I wouldn’t pay to keep that information private and I would agree to be paid by a company in exchange of the access of this information, as I don’t value highly that information.
On the contrary, I would pay to keep private information related to my identity and security and I wouldn’t accept to be paid by any company as I highly value that kind of information and I would be afraid not to control the access to that kind of personal information.
Having said that, I can affirm that my privacy preferences vary across transactions as my concerns will vary across the different transactions.
My private preferences also vary with the context as my trust is going to be different depending on the type of institution I’m dealing with.
For example, I give much more confidence to a financial institution, as I know that they are facing strong regulations and that they can’t do whatever they want with my private information.
On the other hand, I have much less confidence when it comes to social networking sites or online sellers.
Indeed, when you create an account on a social network site, the website tells you that you give them the right to use your personal information.
I don’t like that kind of policy, as I have no control on what they are doing with it and to whom they could give access to it.

To sum up, it is an interesting article as it points out the fact that each consumer has its own valuation about private information.
It shows that consumers are not going to give the same importance about different information and that’s what makes different prices subscription possible.

With the emergence of the web 2.0, plenty of informations about almost everyone that has an internet access not available before, became. Now this large amount of data allows plenty of possibilities such as marketing, remarketing, research,et cetera for business companies or organisations. As emphasize in the series of 3 articles we spread our personal datas all over the web and nearly who wants can pick it and exploit it. Because our personal datas have several utilities and that there are potential supplier and buyer, it has created a market where personal data are highly valuated.

It’s clear that this market creates a lot of issues. Firstly because personal data business is a sensitive topic. Secondly because the Internet gathers players from all around the world and destroy the borders of countries that do not have same privacy legislations or culture which creates a lot of issues. Well it’s not easy to give an account of everything as it’s a very wide topic and I’ll focus now about the questions asked at the end of the article.

What personal data do I value ?

In my point of view, there are 3 categories of personal data, and I value each one differently. The first one is about all the data about my identity such as where I live, my age, my name, my language, et cetera. These data have for me no value because they where already available before the web 2.0. Indeed physical stores asks you about this information when you get advantages such as reduction card and I have no doubt that this data is sold or shared. Then I don’t see why pay to not share them while they are available elsewhere than on internet.
The second category of data is data about my preferences such as my web-site historic or articles that I search/(didn’t)buy et cetera. This data allows companies to target me with things that are likely to interest me or to do re-marketing. Actually these category of data is used to do well-targeted ads. I do not value them as well because I do not care about the fact that people are doing statistics with that and because I’m not longer concern by internet ads while I use ad-block which blocks all internet ads. I guess that it should be interesting to study what is the impact of such a software..
The last category is about what we will call «very personal data». This very personal data are all the data that you produce by yourself such has personal messages on Facebook or your photos et cetera. I value them because I don’t think that everyone should have an access to it. I mean that industry which are buying ‘very personal data’ are doing voyeurism. It’s like if someone comes into your house and has a look at your photo scrapbook. Nonetheless I try to put the less possible ‘very personal data’ on the internet. I would have been interested by such service as ensuring of ‘very personal data’ but as far as I can’t get real proof that my datas were indeed protected I’ll not buy such service and just care about what I put on Internet.

Do you observe differences in your privacy preferences depending on whether you look at the issue from a WTA or WTP perspective?

As most of the people, I observe differences in my preferences. Added to what has been explained in the article I believe that there is also a ‘power’ factor. I mean private information is supposed to be mine but on the internet it’s not the case. Then I feel like ‘Why would I have to pay to keep for myself something that is supposed to be mine ?’. It’s quite the same as if I had to pay burglar to not burglar my house. It’s pretty frustrating and then I will not accept to pay large amount of money for privacy.

Do your privacy preferences vary across transactions or with the context?

I ll state that my privacy preferences vary with the context along 2 variables. The first one is how much I evaluate the value proposition of the website. I mean that the more I will have interest in the value proposition of the website the more I will agree to give private information. For example my personal information are far more detailed on Facebook then on Google+ even if they are quite the same kind of social-network. The explanation comes from that I have more interest in sharing information on Facebook than on Google+ because for instance most of my friends are on Facebook. The second one is about my confidence in the website, if I don’t feel confident with the privacy policy of the website share less as possible very personal information. There are plenty of websites that ask for register and then to register to access their contents. When I do not need that much the content I just go away.

Do you have examples for which type of online transactions you are more privacy-concerned or privacy-aware?

As explained before, in my view there are 2 variables that define my privacy preferences. If a website do not give me content that should interest me or that I don’t feel confident with its privacy policy I should be very privacy-concerned.

I know that according to the majority of people, the privacy on internet is a really hot topic.
However this is not my case.
The only personal data I value are my passwords for mails and when it’s related to banking information.
I personally have a really neutral opinion about “privacy” in my browsing history: the fact that I know that my history can be analysed is a little bit unpleasant of course but I also see positive facts about this.

The fist point would be personal adds: the fact is that the personal adds I receive are way less awkward than the aleatory ones. To explain this I would say that people nowadays assume that you will always get a “personnal” add, for my case it is mainly about trips, japan culture and videogames. However I already received aleatory adds about women’s clothing or dating sites which were not relevant and more compromising than the “real” targetted advertisments.

The second point is that I know that the industries also use those information in order to do discrimination pricing, targetted pricing and special offers ( we can take the example with AT&T and its privacy option) which can be in the end a positive spillovers for all the users.

For the second question I agree with the fact that there is a difference between WTA and WTP the better example I can use is the answer of your question above:
Because I don’t really care about privacy I won’t pay for the option of “secured” internet, my WTP would be 0.
Knowing this my WTA could also be 0 because I accept the situation but since the company is willing to give me something I will obviously accept the offer and try to maximise my benefit.

Nevertheless I have to add that all of those questions about security, privacy protection etc. depend of a lot of external factors and can be different regarding the situation. My answers are then not fixed and unchangeable but may vary regarding the context or the person.

What personal data do you value?

I fully agree with the last part of this paper. I do not value much data that are less personal such as “Am I a student or not”, “How many siblings do I have”, etc.. But as soon as it involves more specific details such as “Where are you studying”, “In which city do I live”, etc.. I become much more reluctant to share information. That is the reason why I do not quite like Facebook knowing that it shares your private information to marketing companies. Therefore, I do not divulge any private information concerning myself or at least I try to not to.

Do you observe differences in your privacy preferences depending on whether you look at the issue from a WTA or WTP perspective?

To be honest I found it quite difficult to differentiate the willingness to pay and willingness to accept. After deeper researches on the subject, I understood it as WTP measures the values of something you want to buy (in this case the value you are ready to pay in order to keep your privacy) and WTA measures the values of something you are ready to see (in this case the price you are ready to get when loosing some privacy).
From my point of view, privacy is quite important. I will be ready to pay a high price to keep my information private as well as I will be ready to accept to lose some of my privacy for a high price. So I do not understand why there would be a difference between the two. As long as it is care about it the price would be the same.

Do your privacy preferences vary across transactions or with the context?

Yes, it does vary. If you take once again Facebook, I do not mind that pieces of my private information are used for marketing purposes as long as I have the choice of which information I agree to give. But, if it is compulsory to fill in personal records I deserve the right to decide if it can be used or not.

Do you have examples for which type of online transactions you are more privacy-concerned or privacy-aware?

I am definitely more privacy-concerned when I am facing social network websites. When you use that kind of websites you publish so many things about yourself and your life but also about your friends and family. You expose your preferences, what you like and dislike. You are offering all your private information on a silver platter. Afterwards, those websites collect, analyse and store all our data. Finally, they sell them to very targeted advertising.

Otherwise, on any other websites that I have to fill in information to register I am more privacy-aware. For instance, when you buy something on-line you have to give some records like 3suisse, Booking.com and many other services on-line. I feel more comfortable to share my personal information as they have privacy policy.

References:

http://lib.dr.iastate.edu/cgi/viewcontent.cgi?article=1005&context=econ_las_pubs
https://www.linkedin.com/pulse/20130502052254-64875646-how-facebook-exploits-your-private-information