Privacy: Can It Ever Be Protected on the Internet?
Eric Goldman
General Counsel, Epinions, Inc.
(speaking for himself, not Epinions)
1. Do People Care About Privacy?
- Surveys usually say people do, but…
- People “sell” their contact info relatively cheaply
- Sweepstakes / email newsletters / loyalty programs
- Street value: $0.50 – $2.00 per person?
- People don’t read privacy policies
- Low adoption of privacy technology controls
- Cookies
- Anonymizer / remailers
- Email filters
- People respond to targeted ads/offers
2. Why Don’t People Do More to Manifest their Privacy Concerns?
- Privacy control benefits v. transaction costs
- It’s time-consuming to read a privacy policy
- It’s even more time-consuming to keep up with policy changes
- Transaction costs of opting-out
- Hassle factor of using technology controls
- People want services/benefits/relevant info
3. Is Regulation Needed?
- Does transaction cost diffuseness leads to market failure that can be cured only by regulation?
- But, user segmentation of how much users care about privacy
- Why protect the people who care?
4. Regulatory Failures
- COPPA (verifiable parental consent)
- It was already tough to make money from kids
- Compliance costs were high
- Many businesses stopped catering to kids or stopped collecting age information
- Graham-Leach-Bliley (mandatory disclosures by financial institutions)
- Transaction costs of disclosure
- Privacy disclosures too long and complex
- But disclosures uniformly said don’t expect privacy
- Transaction costs of opting-out
5. Conclusions
- Only a small portion of the bell curve cares about privacy enough to do something about it
- And, those people vote with their time/money
- Rest of people may prefer cheap and immediate benefits over expensive regulation