Protecting Online Privacy: Self-Regulation, Mandatory Standards, or Caveat Emptor


Information technology-enabled markets enhance retailers’ ability to collect, aggregate, and transfer consumer information. These technological capabilities have raised concerns that this information could be used in ways the consumer would not anticipate or authorize. These concerns have been met with a variety of proposals including approaches placing the onus for protection on consumers, industry self-regulation, and government legislation of mandatory protection standards. However, there has been no research to understand under what circumstances each of these regimes will produce optimal outcomes for customers, retailers, and society. Our research seeks to answer this question using analytic models of asymmetric information. Our results show that the optimal privacy protection regime depends critically on the characteristics of the market: the number of individuals who face a loss from privacy violations and the size of the loss they face. We find that regimes that place the onus on consumers are socially optimal when few people are sensitive to privacy violations or when the loss they face from privacy violations is low. Conversely, when many people care about privacy protection and the potential loss they face is high, mandatory standards are socially optimal. Finally, for intermediate values, seal-of-approval programs provide socially optimal privacy protection.

(Privacy; Consumer Surplus; Social Welfare; Internet; Consumer Information)

Acknowledgements: The authors thank Pei-Yu Chen, Roy Jones, Sandra Slaughter, Tunay Tunca, three anonymous referees at the 2005 Workshop on the Economics of Information Security, and seminar participants at the 2003 Workshop on Information Systems and Economics and Tepper School of Business at Carnegie Mellon University for helpful comments on this research.

* Tepper School of Business, Carnegie Mellon University, Pittsburgh, PA, 15213. email:

† Sloan School of Management, MIT, Cambridge, MA 02142. email:

‡ H. John Heinz III School of Public Policy and Management, Carnegie Mellon University, Pittsburgh, PA, 15213. email:

