The EU is apparently thinking of adopting common and highly restrictive privacy standards which would make use of information by firms much more difficult and would require, for example, that data be retained only as long as necessary.  This is touted as pro-consumer legislation.  However, the effects would be profoundly anti-consumer.  For one thing, ads would be much less targeted, and so consumers would get less valuable ads and would not learn as much about valuable prodcts and services aimed at their interests.  For another effect, fraud and identity theft would become more common as sellers could not use stored information to verify identity.  Finally, costs of doing buisness would increase, and so we would expect to see fewer innovations aimed at the European market, and some sellers might avoid that market entirely.

Filed under: privacy

Today’s Wall Street Journal has a long article-debate on privacy.  The strongest pro-privacy is Christopher Soghoian of the Open Society Institute.  He confuses commercial privacy with government privacy:

“The dirty secret of the Web is that the “free” content and services that consumers enjoy come with a hidden price: their own private data. Many of the major online advertising companies are not interested in the data that we knowingly and willingly share. Instead, these parasitic firms covertly track our web-browsing activities, search behavior and geolocation information. Once collected, this mountain of data is analyzed to build digital dossiers on millions of consumers, in some cases identifying us by name, gender, age as well as the medical conditions and political issues we have researched online.”

When asked “Why is that a problem” he replies

“Many of the dangers posed by digital dossiers do not occur regularly, but are incredibly destructive to people’s lives when they do. An unlucky few will be stalked, fired, surveilled, arrested, deported or even tortured, all as a result of the data kept about them by companies and governments. Much more common are the harms of identity theft or public embarrassment. Even when companies follow best practices—and few do—it is impossible to be completely secure.”

Note that “parasitic firms” are collecting the data which is then used for arrest, deportation, and torture.  A bit of a disconnect. Identity theft is a problem, but the risk is decreasing and the costs are almost always low.  Moreover, identity thieves are crooks, not firms.

What is particularly interesting about the article is the survey data reported.  It demonstrates peoples’ confusion about the issues.  92% of the adults surveyed  “Think that there should be a law that requires websites and advertising companies to delete all stored information about an individual” but between 32% and 47% would like websites to provide information of some sort (ads: 32%, discounts: 47%, or news: 40%) “tailored to their interests.”  But of course these numbers are totally inconsistent.  If websites cannot keep any information about an individual, then they cannot provide tailored information since there will be nothing on which to base the tailoring.  The relevant questions are tradeoff questions, but the reported survey does not address these.

Filed under: advertising, privacy

The Obama Administration is advocating a privacy bill.  One provision will limit the use of data to the purpose for which it was collected unless a consumer gives permission for additional uses; another will give consumers increased rights to access information about themselves.

Both of these provisions may actually reduce safety of data online.  One additional purpose for which data can be used is to verify identity in cases where there is some doubt.  Many of us have had the experience of having a merchant call a credit card company and ask a series of questions to verify our identity.  This bill would apparently make that process more difficult.  This would lead either to increased inconvenience or increased risk.  This provision is enforced in Europe and there is some evidence that identity theft is more common there.

There is also a danger of allowing increased access to information.  A thief who obtains some information about a consumer may be able to use this to spoof   the system and obtain access to much more information, which will facilitate more harmful forms of theft.

The more fundamental issue is that there is no cost benefit analysis showing that any regulation is justified, as I showed in my previous post on this issue.

Filed under: privacy

As I mentioned in my previous post, there is a strong effort to regulate the use of information on the web in the name of “privacy.” The basic tradeoff that drives the web is that firms use information for advertising and other purposes,and in return consumers get lots of things free.  Google alone offers about 40 free services, including the original  search engine, gmail, maps, and the increasingly popular android operating system for mobile devices. Facebook is another set of free services. There are hundreds of others, all ultimately funded by advertising and the use of information.  Any effort to regulate information is going to change the terms at which these services are offered.

To justify regulation, two conditions must be met.  First there must be some market failure.  Second, there must be at least an expectation that the benefits of the proposed regulation will outweigh the costs.  In a market economy, we generally put the burden of proof on those proposing regulation, since the default assumption is that markets provide net benefits.  Proponents of regulating the use of information on the internet have met neither of these burdens.

One main justification for regulation is that people do not want to be tracked. I discussed this issue in my previous post.  Let me just add that, while people express a desire not to be tracked, in practice they seem quite willing to trade information for other services.  The other issue is identity theft — the possibility that information will be misused for illegitimate purposes.  Tom Lenard and I have written extensively about this issue. The bottom line, however, is that consumers are not liable for much if any of the costs of identity theft, and since firms must bear these costs there is no obvious market failure.

With respect to the second issue, there has been virtually no effort to undertake any cost benefit analysis of the proposed regulations.  However, if there were such an analysis, it is unlikely that regulations would be cost justified since the benefits of the free stuff are huge and the costs are small at best.  While it is conceivable that some tweaking would pass a cost-benefit test, it is very unlikely that any regulation which could get through the political process and then be administered by an agency such as the FTC would in fact pass this test.  Moreover, the proposed regulations, such as a “do not track” list or shifting from opt out to opt in are well beyond “tweaking” and might fundamentally change the terms of the tradeoff.

The bottom line is this:  Privacy advocates act as if privacy is free.  But increased privacy means reduced use of information, and no one has shown that altering the terms of this tradeoff would be beneficial to consumers.

Filed under: cost-benefit analysis, privacy Tagged: cost-benefit analysis, privacy

Chris Hoofnagle writing at the TAP blog about Facebook’s comprehensive privacy options (“To opt out of full disclosure of most information, it is necessary to click through more than 50 privacy buttons, which then require choosing among a total of more than 170 options.”) claims that…

Read the full piece here. 

Last June, Christine Varney, then a lawyer in private practice, now President Obama’s nominee to be the next Assistant Attorney General for Antitrust, warned that Google, not Microsoft, is the monopolist of the future.  “For me, Microsoft is so last century. They are not the problem,” Varney said at a June 19 panel discussion sponsored by the American Antitrust Institute. The U.S. economy will “continually see a problem — potentially with Google” because it already “has acquired a monopoly in Internet online advertising.”  Concerns of this nature ultimately led Tom Barnett, the last Assistant Attorney General for Antitrust, to threaten a Sherman Act monopolization lawsuit if Google went through with plans to buy Yahoo.  Google, on the other hand, contends that the concerns are completely misplaced.  “The nature of the Internet is just a fundamentally different world from the sale of packaged software or the bundling of software with OEMs (original equipment manufacturers),” according to Kent Walker, Google’s General Counsel.  “The standard line we have is that competition is just one click away.”

Panelists:

• Mr. Scott Cleland, President, Precursor LLC and Chairman, NetCompetition.org
• Ms. Susan Creighton, Partner, Wilson Sonsini Goodrich & Rosati, PC
• Prof. Geoffrey Manne, Founder and Executive Director, International Center for Law & Economics and Lecturer in Law, Lewis & Clark Law School
• Mr. Rick Rule, Partner, Cadwalader, Wickersham & Taft LLP
• Moderator: Mr. Montgomery N. Kosma, Vice President of Legal Services Outsourcing, CPA Global

Full audio is embedded below.

Well, you probably know my answer to that one.

I was interested to read Fred von Lohmann’s short take on the privacy aspects of the Google Books Settlement, available here.

Read the full piece here.

In the comments to this post, Peter Swire (Ohio State) points to some recent comments (see also here and  here) he submitted to the Federal Trade Commission on how to incorporate privacy into conventional antitrust analysis.  The privacy and antitrust link appears to be something that will receive quite a bit of attention in the coming months and years.  The basic argument in favor of incorporating privacy into antitrust analysis under appropriate circumstances is not too controversial…

Read the full piece here. 

Randy Picker (HT: Randy) has posted an interesting new paper to SSRN entitled “Competition and Privacy in Web 2.0 and the Cloud“.   It is an insightful look at the how privacy rules imposed on Web intermediaries might raise competition concerns.  Consider, for example, the relationship between privacy rules and vertical integration that Picker highlights as a potential unintended consequence of privacy rules…

Read the full piece here.