Electronic Markets

, Volume 25, Issue 2, pp 161–167 | Cite as

The challenges of personal data markets and privacy

  • Sarah Spiekermann
  • Alessandro Acquisti
  • Rainer Böhme
  • Kai-Lung Hui
Position Paper


Personal data is increasingly conceived as a tradable asset. Markets for personal information are emerging and new ways of valuating individuals’ data are being proposed. At the same time, legal obligations over protection of personal data and individuals’ concerns over its privacy persist. This article outlines some of the economic, technical, social, and ethical issues associated with personal data markets, focusing on the privacy challenges they raise.


Privacy Data protection Personal data markets Internet economics Big data 

JEL classification

K20 K40 L14 L20 M30 


  1. Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM Conference on Electronic Commerce (pp. 21–29). ACM.Google Scholar
  2. Acquisti, A. (2009). Nudging privacy: the behavioral economics of personal information. IEEE Security and Privacy Magazine, 7(6), 82–85.CrossRefGoogle Scholar
  3. Acquisti, A. (2010). The economics of personal data and the economics of privacy. Background Paper for OECD Joint WPISP-WPIE Roundtable, 1.Google Scholar
  4. Acquisti, A. (2014). The economics and behavioral economics of privacy. In: J. Lane, V. Stodden, S. Bender, H. Nissenbaum (Eds.), Privacy, big data, and the public good: Frameworks for engagement. Cambridge University Press.Google Scholar
  5. Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security and Privacy Magazine, 3(1), 26–33.CrossRefGoogle Scholar
  6. Acquisti, A., & Varian, H. (2005). Conditioning prices on purchase history. Marketing Science, 24(3), 367–381.CrossRefGoogle Scholar
  7. Acquisti, A., Friedman, A., Telang, R. (2006). Is there a cost to privacy breaches? An event study analysis. Proc International Conference on Information Systems (ICIS), Milwaukee.Google Scholar
  8. Acquisti, A., John, L. K., & Loewenstein, G. (2013). What is privacy worth? The Journal of Legal Studies, 42(2), 249–274.CrossRefGoogle Scholar
  9. Awad, N. F., & Krishnan, M. S. (2006). The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly, 30(1), 13–28.Google Scholar
  10. Berendt, B., Guenther, O., & Spiekermann, S. (2005). Privacy in e-commerce: stated preferences vs. actual behavior. Communications of the ACM, 48(4), 101–106.CrossRefGoogle Scholar
  11. Berthold, S., & Böhme, R. (2009). Valuating privacy with option pricing theory. In T. Moore, D. Pym, & C. Ioannidis (Eds.), Economics of information security and privacy (pp. 187–209). New York: Springer.Google Scholar
  12. Böhme, R., & Koble, S. (2007). Pricing strategies in electronic marketplaces with privacy-enhancing technologies. Wirtschaftsinformatik, 49(1), 16–25.CrossRefGoogle Scholar
  13. Böhme, R., & Pötzsch, S. (2010). Privacy in online social lending. Proc AAAI Spring Symposium: Intelligent Information Privacy Management, Palo Alto, pp 23–28.Google Scholar
  14. Cao, Z., Hui, K. L., Xu, H. (2014). An economic analysis of peer-disclosure in online social communities. Unpublished manuscript, Hong Kong University of Science and Technology.Google Scholar
  15. Chaum, D. (1985). Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, 28(10), 1030–1044.CrossRefGoogle Scholar
  16. Coase, R. (1960). The problem of social cost. Journal of Law and Economics, 3(1), 1–44.CrossRefGoogle Scholar
  17. Cranor, L. F. (2002). Web privacy with P3P. O’Reilly.Google Scholar
  18. Danezis, G., Lewis, S., Anderson, R. J. (2005). How much is location privacy worth? Proc 4th annual Workshop on the Economics of Information Security (WEIS), Harvard Univ.Google Scholar
  19. Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.CrossRefGoogle Scholar
  20. Dwork, C. (2011). A firm foundation for private data analysis. Communications of the ACM, 54(1), 86–95.CrossRefGoogle Scholar
  21. Gentry, C. (2010). Computing arbitrary functions of encrypted data. Communications of the ACM, 53(3), 97–105.CrossRefGoogle Scholar
  22. Goldfarb, A., & Tucker, C. (2011). Online advertising, behavioral targeting, and privacy. Communications of the ACM, 54(5), 25–27.CrossRefGoogle Scholar
  23. Grossklags, J., & Acquisti, A. (2007). When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. In: WEIS.Google Scholar
  24. Hamlin, K. (2013). Market models in the personal data ecosystem. Vienna: European Workshop for Trust and Identity.Google Scholar
  25. Hann, I. H., Hui, K. L., Lee, T. S. Y., & Png, I. P. L. (2007). Overcoming online information privacy concerns: an information processing theory approach. Journal of Management Information Systems, 42(2), 13–42.CrossRefGoogle Scholar
  26. Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., & Waidner, M. (2004). Privacy-enhancing identity management. Information Security Technical Report, 9(1), 35–44.CrossRefGoogle Scholar
  27. Henkel, J., & von Hippel, E. (2005). Welfare implications of user innovation. Journal of Technology Transfer, 30(1/2), 73–87.Google Scholar
  28. Hong, W., & Thong, J. Y. L. (2013). Internet privacy concerns: an integrated conceptualization and four empirical studies. MIS Quarterly, 37(1), 275–298.Google Scholar
  29. Huberman, B. A., Adar, E., & Fine, L. R. (2005). Valuating privacy. IEEE Security and Privacy Magazine, 3(1), 22–25.CrossRefGoogle Scholar
  30. Hui, K. L., & Png, I. P. L. (2006). The economics of privacy. In: T. J. Hendershott (ed), Handbooks in information systems. Vol 1 (pp. 471–493). Elsevier.Google Scholar
  31. Hui, K. L., Teo, H. H., & Lee, T. S. Y. (2007). The value of privacy assurance: an exploratory field experiment. MIS Quarterly, 31(1), 19–33.Google Scholar
  32. Iachello, G., & Hong, J. (2007). End-user privacy in human-computer interaction. Foundations and Trends in Human-Computer Interaction, 1(1), 1–137.CrossRefGoogle Scholar
  33. Internet Life Stats (2014). In: Twitter usage [Online]. Available at:
  34. Jentzsch, N., Preibusch, S., & Harasser, A. (2012). Study on monetising privacy. Heraklion: European Network and Information Security Agency (ENISA).Google Scholar
  35. John, L., Acquisti, A., & Loewenstein, G. (2011). Strangers on a plane: context-dependent willingness to divulge personal information. Journal of Consumer Research, 37(5), 858–873.CrossRefGoogle Scholar
  36. Kenny, S., & Korba, L. (2002). Applying digital rights management systems to privacy rights management. Computers & Security, 21(7), 648–664.CrossRefGoogle Scholar
  37. Laudon, K. C. (1996). Markets and privacy. Communications of the ACM, 39(9), 92–104.CrossRefGoogle Scholar
  38. Lesk, M. (2012). The price of privacy. IEEE Security and Privacy Magazine, 10(5), 79–81.CrossRefGoogle Scholar
  39. Li, X., & Sarkar, S. (2006). A data perturbation approach to privacy protection in data mining. Information Systems Research, 17(3), 254–270.CrossRefGoogle Scholar
  40. Maguire, S., Friedberg, J., Nguyen, M.-H. C., Haynes, P. (2015). A metadata-based architecture for user-centered data accountability. Electronic Markets, 25(2). doi: 10.1007/s12525-015-0184-z.
  41. Menon, S., Sarkar, S., & Mukherjee, S. (2005). Maximizing accuracy of shares databases when concealing sensitive patterns. Information Systems Research, 16(3), 256–270.CrossRefGoogle Scholar
  42. NA (2013). Unpublished manuscript submitted to ECIS 2013.Google Scholar
  43. Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: personal information disclosure intentions versus behavior. Journal of Consumer Affairs, 41(1), 100–126.CrossRefGoogle Scholar
  44. Noyes, D. (2014). In: The top 20 valuable Facebook statistics—Updated October 2014. zephoria internet marketing solutions. Available at: Accessed 20 Jan 2015.
  45. OECD. (2013). Exploring the economics of personal data: A survey of methodologies for measuring monetary value. In OECD digital economy papers. Paris: OECD.Google Scholar
  46. Pearson, S., & Mont, M. C. (2011). Sticky policies: an approach for managing privacy across multiple parties. IEEE Computer, 44(9), 60–68.CrossRefGoogle Scholar
  47. Purtova, N. (2012). Property rights in personal data: A European perspective. Uitgeverij: BOX Press.Google Scholar
  48. Radicati, S. (2014). E-mail statistics report, 2014–2018. Paolo Alto: The Radicati Group Inc.Google Scholar
  49. Roeber, B., Rehse, O., Knorrek, R., Thomsen, B. (2015). Personal data: how context shapes consumers’ data sharing with organizations from various sectors. Electronic Markets 25(2). doi: 10.1007/s12525-015-0183-0.
  50. Romanosky, S., Hoffman, D., Acquisti, A. (2012). Empirical analysis of data breach litigation. Proc 11th annual Workshop on the Economics of Information Security (WEIS). Berlin.Google Scholar
  51. Sackmann, S., Strüker, J., & Accorsi, R. (2006). Personalization in privacy-aware highly dynamic systems. Communications of the ACM, 49(9), 32–38.CrossRefGoogle Scholar
  52. Samuelson, P. (2000). Privacy as intellectual property?. Stanford Law Review, 1125–1173.Google Scholar
  53. Schunter, M., & Powers, C. (2003). The enterprise privacy authorization language (EPAL 1.1). Accessed 28 Feb 2013.
  54. Schwartz, P. M. (2004). Property, privacy, and personal data. Harvard Law Review, 117(7), 2056–2128.CrossRefGoogle Scholar
  55. Searls, D. (2012). The intention economy. Boston: Harvard Business.Google Scholar
  56. Shapiro, C., & Varian, H. (1998). Information rules. Boston: Harvard Business.Google Scholar
  57. Smith, J. H., Milberg, S. J., & Burke, S. J. (1996). Information privacy: measuring individuals’ concerns about organizational practices. MIS Quarterly, 20(2), 167–196.CrossRefGoogle Scholar
  58. Solove, D. J. (2005). A taxonomy of privacy. University of Pennsylvania Law Review, 154(3), 477–560.CrossRefGoogle Scholar
  59. Spiekermann, S., & Novotny, A. (2015). A vision for global privacy bridges: technical and legal measures for international data markets. Compuer Law & Security Review (CLSR), 31(2), 181–200.CrossRefGoogle Scholar
  60. Spiekermann, S., Korunovska, J., Bauer, C. (2012). Psychology of ownership and asset defence: Why people value their personal information beyond privacy. Proc International Conference on Information Systems (ICIS), Orlando.Google Scholar
  61. Sweeney, L. (2002). k-anonymity: a model for protecting privacy. International Journal of Uncertainty Fuzziness and Knowledge-Based Systems, 10(5), 557–570.CrossRefGoogle Scholar
  62. The Boston Consulting Group (2012). The value of our digital identity. Liberty Global.Google Scholar
  63. Tufekci, Z. (2008). Can you see me now? Audience and disclosure regulation in online social network sites. Bulletin of Science Technology and Society, 28(1), 20–36.CrossRefGoogle Scholar
  64. World Economic Forum (2011). Personal data: The emergence of a new asset class. Davos.Google Scholar
  65. World Economic Forum (2012). Rethinking personal data: Strengthening trust. Davos.Google Scholar
  66. Zwick, D., & Dholakia, N. (2004). Whose identity is it anyway? Consumer representation in the age of database marketing. Journal of Macromarketing, 24(1), 31–43.CrossRefGoogle Scholar

Copyright information

© Institute of Information Management, University of St. Gallen 2015

Authors and Affiliations

  • Sarah Spiekermann
    • 1
  • Alessandro Acquisti
    • 2
  • Rainer Böhme
    • 3
  • Kai-Lung Hui
    • 4
  1. 1.Vienna University of Economics and Business (WU Vienna)ViennaAustria
  2. 2.Heinz CollegeCarnegie Mellon UniversityPittsburghUSA
  3. 3.Institut für WirtschaftsinformatikWestfälische Wilhelms Universität MünsterMünsterGermany
  4. 4.School of Business and ManagementThe Hong Kong University of Science and TechnologyHong KongChina

Personalised recommendations