Privacy: Can It Ever Be Protected on the Internet by Eric Goldman

Privacy: Can It Ever Be Protected on the Internet?
Eric Goldman
General Counsel, Epinions, Inc.
(speaking for himself, not Epinions)

1.                  Do People Care About Privacy?

  • Surveys usually say people do, but…
  • People “sell” their contact info relatively cheaply
    • Sweepstakes / email newsletters / loyalty programs
    • Street value: $0.50 – $2.00 per person?
  • People don’t read privacy policies
  • Low adoption of privacy technology controls
    • Cookies
    • Anonymizer / remailers
    • Email filters
  • People respond to targeted ads/offers

2.                  Why Don’t People Do More to Manifest their Privacy Concerns?

  • Privacy control benefits v. transaction costs
    • It’s time-consuming to read a privacy policy
    • It’s even more time-consuming to keep up with policy changes
    • Transaction costs of opting-out
    • Hassle factor of using technology controls
    • People want services/benefits/relevant info

3.                  Is Regulation Needed?

  • Does transaction cost diffuseness leads to market failure that can be cured only by regulation?
  • But, user segmentation of how much users care about privacy
  • Why protect the people who care?

4.         Regulatory Failures

  • COPPA (verifiable parental consent)
    • It was already tough to make money from kids
    • Compliance costs were high
    • Many businesses stopped catering to kids or stopped collecting age information
  • Graham-Leach-Bliley (mandatory disclosures by financial institutions)
    • Transaction costs of disclosure
    • Privacy disclosures too long and complex
    • But disclosures uniformly said don’t expect privacy
    • Transaction costs of opting-out

5.                  Conclusions

  • Only a small portion of the bell curve cares about privacy enough to do something about it
  • And, those people vote with their time/money
  • Rest of people may prefer cheap and immediate benefits over expensive regulation