Three Policy Interventions for Reducing Privacy Harms

You may also like...

4 Responses

  1. A.J. Sutter says:

    Your focus seems to be on the timing of harm, so you put information disclosure in the middle. But I’m not sure that’s the most fruitful dimension along which to organize these remedies — how about degree of recourse for consumers? Information disclosure alone seems more like a way to exculpate actors from doing bad things as long as they announce they’re doing so — i.e., laissez faire is fine as long as it’s in your face. Consumers then assume the risk. This is certainly in keeping with the current Hayekian vogue of subsuming legal institutions to market ones, but it isn’t necessary salutary. The public needs to have some guidelines as to what’s acceptable and what isn’t; in many cases regulation plus disclosure seems a better combination, at least where consumers are concerned.

    (For the record, I’ve found nutrition labels generally to be helpful, including in franchise juice bars where I too often discovered ostensibly “healthy” drinks with 1,000+ calories, and in convenience stores here in Japan, where an innocuous looking roll will have 500+.)

  2. S T LaRue says:

    Subtexting all of this is the definition of harm. Can you clearly state this? Can you state from whose perspective harm is to be defined by? Currently, it is from the information steward’s perspective and not from the information owner’s? One cannot assume that the two entities are the same or that the information steward/holder will define harm in the best interest of consumer/owner.

  3. Sasha says:

    A J,

    Certainly you’re right that there would be other interventions we could investigate (tax, insurance, etc) and distinguishing them by timing is just one way to evaluate them.

    And yes, you make a good point that disclosure may simply transfer the burden to individuals, which hardly seems fair. And I would agree.

    The advantage of disclosure — especially for a new kind of harm such as identity theft — may be that if consumers care enough, they can take action to punish the firms for their bad behaviors (selling stock, purchasing elsewhere). So yes, indeed, disclosure can burden consumers, but it can also empower them — in this sense by exerting market pressure.

    And indeed, I have yet to see only one of these policies used exclusively.

  4. Sasha says:

    S T,

    I’m not entirely sure if I understand your comment, but let me try to respond.

    If your point is regarding the source of the harm (however we choose to define that), this introduces a delicate, but interesting situation.

    You’re likely familiar with Ronald Coase and his discussion of reciprocating social cost. The canonical example is the baker on the street level who produces noise, disturbing the doctor’s patients in his office on the upper floor.

    We may initially feel that yes, the baker is imposing a cost on the doctor and the baker should therefore be fined or enjoined from operating. However, isn’t the doctor imposing restrictions on the baker, and therefore, should the baker not also be enjoined? After all, it is a function of both parties who cause this externality. It’s no longer clear who is the ‘injurer’ and who is the ‘victim.’

    Some may feel, then, that regarding data breaches and identity theft that obviously the company is the injurer when consumer information is improperly disclosed. However, if the consumer didn’t provide the information in the first place (i.e. if they shopped somewhere else), aren’t they, at least in part, somewhat responsible?

    As I said, it is a delicate, but very interesting point.