This article is one of a series covering the Federal Trade Commission’s 2018 PrivacyCon event. The conference featured research on privacy implications of Internet technologies and smart devices. For a full list of Consumers’ Research’s articles on this event, click here.
Caleb Fuller, an assistant professor of economics at Grove City College performed an empirical study on how consumers value privacy. The professor tests three common claims about privacy as a market failure.
Fuller talked about why so many digital firms engage in information collection rather than alternative methods of earning revenue. He asserts that firms pursue this strategy because consumers are ill-informed and thus susceptible to exploitation. Fuller also mentioned that individuals only express a significant demand for digital privacy when they are not forced to consider the opportunity cost of making that choice. According to Fuller, should consumers prefer a higher level of privacy than markets currently afford, there is a profitable opportunity in exposing Google’s practices and establishing alternative business models, as has been done by DuckDuckGo, a search engine that does not track browsers.
The paper attempts to evaluate those three claims through survey evidence:
There is widespread information asymmetry between firms and consumers
Consumers value their privacy highly
In another question, 59 percent of users said they were only willing to pay less than 1 cent daily to prevent Google from collecting their data.
Fuller also points out that for Google to maintain their level of profitability, they would need to charge $70 annually from every user. This amount is far above what most users are willing to pay to protect their privacy, per the survey results.
Consumers dislike information collection for one of four reasons all of which are features of unhampered markets
Fuller’s conclusion is that there likely is no market failure when it comes to privacy ,and the lack of privacy likely stems from low consumer valuation rather than market failure.
Gunes Acar of Princeton University presented the exfiltration of personal data by session-replay scripts. According to Acar, these scripts are known to record keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the web pages visited and sent them to third-party servers. Unlike typical web analytics services that provide aggregate statistics, session replay scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over the visitor’s shoulder. The underlying problem is that the collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to be sent to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.