Privacy Self-Regulation and
Economics
Week 3 - September 19, 21
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
1
Homework 3
 http://lorrie.cranor.org/courses/fa05/hw3.html
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
2
Privacy self-regulation
 Since 1995, the US FTC has pressured
companies to “self regulate” in the privacy area
 Self regulation may be completely voluntary or
mandatory (or somewhere in between)
 Self-regulatory programs and initiatives
•
•
•
•
•
Seals
CPOs
Privacy policies
P3P
Industry guidelines
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
3
Voluntary privacy guidelines
 Online Privacy Alliance
http://www.privacyalliance.org
 Direct Marketing Association Privacy Promise
http://www.thedma.org/library/
privacy/privacypromise.shtml
 Network Advertising Initiative Principles
http://www.networkadvertising.org/
 CTIA Location-based privacy guidelines
http://www.wowcom.com/news/press/body.cfm?record_id=907
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
4
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
5
Chief privacy officers
 Companies are increasingly appointing CPOs to
have a central point of contact for privacy
concerns
 Role of CPO varies in each company
•
•
•
•
Draft privacy policy
Respond to customer concerns
Educate employees about company privacy policy
Review new products and services for compliance with
privacy policy
• Develop new initiatives to keep company out front on
privacy issue
• Monitor pending privacy legislation
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
6
Seal programs
 TRUSTe – http://www.truste.org
 BBBOnline – http://www.bbbonline.org
 CPA WebTrust –
http://www.cpawebtrust.org/
 Japanese Privacy Mark
http://privacymark.org/
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
7
Seal program problems
Certify only compliance with stated policy
• Limited ability to detect non-compliance
Minimal privacy requirements
Don’t address privacy issues that go
beyond the web site
Nonetheless, reporting requirements are
forcing licensees to review their own
policies and practices and think carefully
before introducing policy changes
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
8
Privacy policies
Policies let consumers know about site’s
privacy practices
Consumers can then decide whether or not
practices are acceptable, when to opt-in or
opt-out, and who to do business with
The presence of privacy policies increases
consumer trust
What are some problems with privacy policies?
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
9
Privacy policy problems
BUT policies are often
•
•
•
•
difficult to understand
hard to find
take a long time to read
change without notice
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
10
Privacy policy components
 Identification of site, scope,
contact info
 Types of information collected
 Security assurances
 Children’s privacy
• Including information about
cookies
 How information is used
 Conditions under which
information might be shared
 Information about opt-in/opt-out
 Information about access
There is lots of information
to convey -- but policy
should be brief and
easy-to-read too!
 Information about data
retention policies
 Information about seal
programs
What is opt-in? What is opt-out?
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
11
Short Notices
 Project organized by Hunton & Williams law firm
• Short version (short notice) of human-readable policy for web and
paper
• Also called a “layered notice” - refer to long notice for more detail
• Now being called “highlights notice”
• Focus on reducing privacy policy to at most 7 boxes
• Standardized format but only limited standardization of language
• Proponents believe they may eventually be mandated by law
• A work in progress - not yet in use
 Alternative proposals from privacy advocates focus on
check boxes
 Interest Internationally
• http://www.privacyconference2003.org/resolution.asp
 Interest in the US for financial privacy notices
• http://www.ftc.gov/opa/2003/12/privnoticesjoint.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
12
Privacy Notice Highlights Template
We use information about you to manage your account and offer you other products and services we
think may interest you.
We share information about you with our sister companies to offer you products and services.
We share information about you with other companies, like insurance companies, to offer you a wider
array of jointly-offered products and services.
We share information about you with other companies so they can offer you their products and
services.
You may opt out of receiving promotional
information from us and our sharing your
contact information with other companies. To
exercise your choices, call (800) 123-1234 or
click on “choice” at ACME.com.
You may request information on your billing
and payment activities.
HOW TO REACH US
PERSONAL
INFORMATION
We collect information directly from you and maintain information on your activity with us, including
your visits to our website.
We obtain information, such as your credit report and demographic and lifestyle information, from
other information providers.
USES
This statement applies to Acme Company
and several members of the Acme family of
companies.
YOUR CHOICES
SCOPE
Dated: May 28, 2002
IMPORTANT
INFORMATION
Template prepared by the Notices Project, a program of
the Center for Information Policy Leadership at Hunton &
Williams
© 2002 Center for Information Policy Leadership
NY142510v1
5/28/2002
Acme Company
Privacy Notice
Highlights
For more information about our privacy
policy, write to:
Consumer Department
Acme Company
11 Main Street
Anywhere, NY 10100
Or go to the privacy statement on our
website at acme.com.
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
13
Checkbox proposal
WE SHARE [DO NOT SHARE] PERSONAL INFORMATION WITH OTHER WEBSITES OR COMPANIES.
Collection:
We collect personal information directly from you
We collect information about you from other sources:
We use cookies on our website
We use web bugs or other invisible collection methods
We install monitoring programs on your computer
Uses: We use information about you to:
Send you advertising mail
Send you electronic mail
Call you on the telephone
Sharing: We allow others to use your information to:
Maintain shared databases about you
Send you advertising mail
Send you electronic mail
Call you on the telephone
YES





NO

With Your
Consent



Without Your
Consent



With Your
Consent



N/A
Without Your
Consent



N/A



Access: You can see and correct {ALL, SOME, NONE} of the information we have about you.
Choices: You can opt-out of receiving from
Advertising mail
Electronic mail
Telemarketing
Retention:
Change:
We keep your personal data for:
Us



{Six Months Three Years
Affiliates



Third Parties


N/A
Forever}
We can change our data use policy {AT ANY TIME, WITH NOTICE TO YOU, ONLY FOR DATA COLLECTED IN THE FUTURE}
Source: Robert Gellman, July 3, 2003
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
14
Highlights notice on IBM web site
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
15
Highlights notice on P&G web site
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
16
What You Need to Know about CMU’s
Institutional Review Board (IRB)
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
17
Research and Communication Skills
What is the IRB?
 A group that reviews research studies involving
human subjects
 Goal: Protect human subjects
• Rights and welfare of the individuals involved
• Appropriateness of the methods used to obtain informed
consent
• Risks to human subjects
• Potential benefits of the investigations
 Governed by federal regulations
• http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.htm
 CMU policy on human subjects research
• http://www.cmu.edu/policies/documents/HumanResearch.html
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
18
When Does the IRB Affect You?
All research that:
• Is a systematic investigation (including
development, testing, and evaluation)
designed to discover or contribute to a body of
generalizable knowledge
• Involves human participants
 Living people
 Obtains “data through intervention or interaction
with the individual”
 Contains “identifiable private information”
http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
19
Why are the Regulations So Strict?
 History of informed consent: international
• Nuremberg Code (1948)
 Response to trial for war crimes: Nazi physicians conducted
medical experiments on concentration camp prisoners
 Voluntary consent
 Benefits of research must outweigh risks
• Declaration of Helsinki (1964)
 World Medical Association established rules for ethical
biomedical research
–
–
–
–
Research on humans based on lab/animal research
Protocols reviewed by independent panel
Informed consent
Risks should not exceed benefits
http://www.unlv.edu/Research/OPRS/history-ethics.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
20
Why are the Regulations So Strict?
 History of Informed Consent: U.S.
• Tuskegee Syphilis Study (1932-1972)
 U.S. Public Health Service studied 600 low-income African
American men, 400 of whom were infected with syphilis
– Free medical exams given
– Denied treatment even after penicillin available in 1950s
• Radiation experiments (1940s)
 Radioactive substances given to pregnant women, mentally
retarded, poor, prison inmates, etc.
• National Research Act (1974)
 Created National Commission for the protection of Human
Subjects of Biomedical and Behavior Research
http://www.unlv.edu/Research/OPRS/history-ethics.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
21
Belmont Report (1979)
Principal
Application
Respect for Persons
Informed Consent
Individuals should be treated as
autonomous agents
Information
Comprehension
Persons with diminished autonomy are
entitled to protection.
Voluntary participation
Beneficence
Systematic assessment
of risks and benefits
Human participants should not be
harmed
Research should maximize possible
benefits and minimize possible risks
Justice
Selection of participants
The benefits and risks of research must
be distributed fairly
Fair procedures and
outcomes
http://www.unlv.edu/Research/OPRS/history-ethics.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
22
So You Need IRB Approval…
Go to CMU’s IRB website for forms and
directions
• http://www.cmu.edu/provost/spon-res/compliance/hs.htm
Start now!
• Minimal risk or below: reviewed every 2 weeks
• Above minimal risk: reviewed the first
Wednesday of each month
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
23
Levels of Review
 Exempt
• No or low risk
• Ex: anonymous surveys
 Expedited
• Minimal risk
• Ex: surveys that are not anonymous
 Full
• Greater than minimal risk
• Deal with questions of a sensitive nature
• Involve vulnerable populations (minors, pregnant
women, fetuses, cognitive disabilities)
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
24
How do I Complete an IRB Proposal?
• Complete online training for certificate
 http://cme.nci.nih.gov/
• Fill out IRB application form
• Draft consent form
• Write up proposal
 Experimental methodology
 Steps taken to ensure confidentiality & anonymity
 Risks – benefits assessment
 Recruitment documents
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
25
Tips
Submit a complete application!
Write in simple terms so someone
unfamiliar with the field can understand it
Try to minimize changes after submission
• All changes must be submitted for approval
• Usually expedited review
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
26
Questions
Regulatory Compliance Administration
• irb-review@andrew.cmu.edu
• (412) 268-1901
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
27
Homework 3 Discussion
 http://lorrie.cranor.org/courses/fa05/hw3.html
 Questions or comments on reading
 Strengths and weaknesses of web site privacy
policies
 Prohibit or compensate for sale of personal
information?
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
28
Economics of privacy
Privacy is an economic problem…
… even when privacy issues do not have
direct economic interpretation
Privacy is about trade-offs: pros/cons of
revealing/accessing personal information…
• For individuals
• For organizations
… and trade-offs are the realm of
economics
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
29
Evolution of the economics of privacy
 Early 1980s
• Chicago school approach
 Mid 1990s
• The IT explosion: Varian, Noam, Laudon, Clarke
 After 2001
• The Internet: personalization and dynamic behavior
• Modeling: price discrimination, information and
competition, costs of accessing customers
• Empirical studies: surveys and experiments
• Economics of (personal) information security
(Anderson, Varian, WEIS)
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
30
Summarizing results
Allowing firms to use cookies can make
customers and society better off
Sharing information between sellers
reduces “distortions”
With “strategic” customers, firms better off
respecting customer’s privacy
So, where is the problem?
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
37
Open questions
1. Is too much privacy bad for you?
2. Do you really have zero privacy?
3. What are the costs of privacy?
4. Who should protect your privacy?
5. Do people really care about privacy?
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
38
Is too much privacy bad for you?
or, too much privacy can act against the
interests of society or the individual
Economics says:
• More sharing of on-line identity information is
good: market laws can allow the right amount
of information to be shared
• But, this is not in contradiction with protection
of privacy (off-line identity)
• Problem: linkages and trails shrinks the
anonymity set (Danezis and Serjantov [2002]).
I.e., privacy is not that easy to protect.
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
39
Do you really have zero privacy?
“Get over it: You already have zero privacy.”
or, the loss of control on personal information is
simply unavoidable in our networked society
 But information technology can also:
• Both link and unlink on-line and off-line identities…
• …or make linkages difficult (e.g., Sweeney [2002])
 I.e.: complete anonymity may be impossible in a world in
which we leave so many data trails anywhere anytime – yet,
technology can at least make connecting those trails
expensive to others
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
40
Do you really have zero privacy?
 In almost every conceivable on-line and off-line
scenario, we have developed tools and methods
to protect privacy and make those linkages
difficult or impossible
•
•
•
•
•
Anonymous payments (e.g., Chaum [1982])
Anonymous browsing (e.g., Goldschlag et al [1999])
Private preferences (e.g., Canny [2002])
Re-mailers (e.g., Chaum [1981])
(Good) electronic voting (e.g., Juels and Jakobbson
[2002])
• …
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
41
And yet….
 Economic arguments show that trade-offs
between sharing and protecting personal
information may be reconciled
 Technology could do it
 So, why econ & technology did not do it?
 Solve the following equation:
• Find a privacy combination convenient for customers
(e.g. Bob), profitable for vendors (e.g. Amazon.com),
advantageous for other existing players (e.g. credit
card networks), non replicable by competitors
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
42
Who should protect your privacy?
Self-regulation?
• Fails under pressure
Policy/legislation?
• EU vs. US
• Samuelson (2003): The social costs of
confusing privacy policies
Individual responsibility?
• Can individuals protect themselves?
• Should they?
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
43
Phrasing the policy debate?
It is true that there are potential costs of using
Gmail for email storage […] The question is
whether consumers should have the right to
make that choice and balance the tradeoffs,
or whether it will be preemptively denied to
them by privacy fundamentalists out to deny
consumers that choice.
-- Declan McCullagh (2004)
 Can consumers really make the choice that best
serves their own interests?
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
44
Privacy attitudes…
Attitudes: usage
• Top reason for not going online (Harris [2001])
• 78% would increase Internet usage given more
privacy (Harris [2001])
Attitudes: shopping
• $18 billion in lost e-tail sales (Jupiter [2001])
• Reason for 61% of Internet users to avoid
ECommerce (P&AB [2001])
• 73% would shop more online with guarantee for
privacy (Harris [2001])
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
45
… versus privacy behavior
Behavior
• Anecdotic evidence
 DNA for BigMac
• Experiments
 Spiekermann, Grossklags, and Berendt (2001):
privacy “advocates” & cameras
• Everyday examples
 Dot com deathbed
 Abundance of information sharing
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
46
Explanations
Syverson (2003)
• “Rational, after all” explanation
Shostack (2003)
• “When it matters” explanation
Huberman (2004)
• “Privacy and deviance” explanation
Are there other explanations?
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
47
Personal information
is a very peculiar economic good
Asymmetric information
• Individual does not know how, how often, for
how long her information will be used
• Intrusions invisible and ubiquitous
• Externalities and moral hazard
Ex-post
• Value uncertainty
• Keeps on affecting individual after transaction
• Imagine: lump sum vs. negative annuity
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
48
Personal information
is a very peculiar economic good
Context-dependent (states of the world)
• Anonymity sets
• Recombinant growth
• Sweeney (2002): 87% of Americans uniquely
identifiable from ZIP code, birth date, and sex
Subjective
• “Willingness to pay” affected by considerations
beyond traditional market reasoning
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
49
Personal information
is a very peculiar economic good
Both private and public good aspects
• As information, it is non rival and non
excludable
• Yet the more other parties use that personal
information, the higher the risks for original
data owner
Buy vs. sell
• Individuals value differently protection and sale
of same piece of information
 Like insurance, but…
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
50
… maybe because…
 … privacy issues actually originate from two
different markets
• Market for personal information
• Market for privacy
 Related, but not identical
 Confusion leads to inconsistencies
• Different rules, attitudes, considerations





Public vs. private
Selling vs. buying
Specific vs. generic
Value for other people vs. damage to oneself
Lump sum vs. negative annuity
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
51
Privacy and rationality
Traditional economic view: forward looking
agent, utility maximizer, bayesian updater,
perfectly informed
• Both in theoretical works on privacy
• And in empirical studies
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
52
Yet: privacy trade-offs
Protect:
• Immediate costs or loss of immediate benefits
• Future (uncertain) benefits
Do not protect:
• Immediate benefits
• Future (uncertain) costs
(sometimes, the reverse may be true)
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
53
Why is this problematic?
Incomplete information
Bounded rationality
Psychological/behavioral distortions
Theory: Acquisti ACM EC 04
Empirical approach: Acquisti and Grossklags IEEE
S&P 05
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
54
1. Incomplete information
 What information has the individual access to
when she takes privacy sensitive decisions?
• For instance, is she aware of privacy invasions
and associated risks?
• Is she aware of benefits she may miss by
protecting her personal data?
• What is her knowledge of the existence and
characteristics of protective technologies?
 Privacy:
• Asymmetric information
 Exacerbating: e.g., RFIDS, GPS
• Material and immaterial costs and benefits
• Uncertainty, ex post evaluations
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
55
2. Bounded rationality
Is the individual able to calculate all the
parameters relevant to her choice?
• Or is she limited by bounded rationality?
Privacy:
• Decisions must be based on several stochastic
assessments and intricate “anonymity sets”
• Inability to process all the stochastic
information related to risks and probabilities of
events leading to privacy costs and benefits
• E.g., HIPAA
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
56
3. Psychological/behavioral distortions
Privacy and deviations from rationality
• Optimism bias
• Complacency towards large risks
• Inability to deal with prolonged accumulation of
small risks
• Coherent arbitrariness
• “Hot/cold” theory
• Hyperbolic discounting, immediate gratification
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
57
Consequences
 Rationality model not appropriate to describe
individual privacy behavior
 Time inconsistencies lead to under protection and
over release of personal information
 Genuinely privacy concerned individuals may end
up not protecting their privacy
 Also sophisticated users will not protect
themselves against risks
 Large risks accumulate through small steps
 Not knowing the risk is not always the issue
• Confounding factors: risk aversion, neutrality, etc.
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
58
Conclusions
Implications
• Privacy easier to protect than to sell
• Self-regulation alone, or reliance on technology
and user responsibility alone, will not work
• Economics can show what to protect, what to
share
• Technology can implement chosen directions
• Law can send appropriate signals to the
market in order to enforce technology
Source: Alessandro Acquisti http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/
60