International Workshop on Security and Trust Management

Security and Trust Management pp 89-104 | Cite as

Towards Balancing Privacy and Efficiency: A Principal-Agent Model of Data-Centric Business

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9331)

Abstract

Personal data has emerged as a crucial asset of the digital economy. However, unregulated markets for personal data severely threaten consumers’ privacy. Based upon a commodity-centric notion of privacy, this paper takes a principal-agent perspective on data-centric business. Specifically, this paper presents an economic model of the privacy problem in data-centric business, in that drawing from contract theory. Building upon a critical analysis of the model, this paper analyzes how regulatory and technological instruments could balance efficiency of markets for personal data and data-subjects’ right to informational self-determination.

Keywords

Privacy economics Privacy Property rights Accountability Principal-agent model 

References

  1. 1.
    Ackerman, M.S., Cranor, L.F., Reagle, J.: Privacy in e-Commerce: examining user scenarios and privacy preferences. In: Proceedings of EC 1999, pp. 1–8. ACM (1999)Google Scholar
  2. 2.
    Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of EC 2004, pp. 21–29. ACM, New York (2004)Google Scholar
  3. 3.
    Acquisti, A., Gross, R.: Imagined communities: awareness, information sharing, and privacy on the facebook. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 36–58. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  4. 4.
    Akerlof, G.A.: The market for “Lemons”: quality uncertainty and the market mechanism. Q. J. Econ. 84(3), 488–500 (1970)CrossRefGoogle Scholar
  5. 5.
    Ashley, P., Powers, C., Schunter, M.: From privacy promises to privacy management. In: Proceedings of NSPW 2002, pp. 43–50. ACM (2002)Google Scholar
  6. 6.
    Bergelson, V.: It’s personal but is it mine? toward property rights in personal information. U.C. Davis Law Rev. 37(2), 379–452 (2003)MathSciNetGoogle Scholar
  7. 7.
    Bohrer, K., Liu, X., Kesdogan, D., Schonberg, E., Singh, M., Spraragen, S.: Personal information management and distribution. In: Proceedings of ICECR-4 (2001)Google Scholar
  8. 8.
    Buchmann, J., Nebel, M., Rossnagel, A., Shirazi, F., Fhom, H.S., Waidner, M.: Personal information dashboard: putting the individual back in control. In: Digital Enlightenment Yearbook 2013, pp. 139–164. IOS Press (2013)Google Scholar
  9. 9.
    Bundesverfassungsgericht: BVerfG, Urteil v. 15. Dezember 1983, Az. 1 BvR 209, 269, 362, 420, 440, 484/83 (1983)Google Scholar
  10. 10.
    Campbell, J.E., Carlson, M.: Panopticon.com: online surveillance and the commodification of privacy. J. Broadcast. Electron. Media 46(4), 586–606 (2002)CrossRefGoogle Scholar
  11. 11.
    Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: sticky policies and enforceable tracing services. In: Proceedings of DEXA 2003, pp. 377–382. IEEE (2003)Google Scholar
  12. 12.
    Chellappa, R.K., Shivendu, S.: An economic model of privacy: a property rights approach to regulatory choices for online personalization. J. Manage. Inf. Syst. 24(3), 193–225 (2007)CrossRefGoogle Scholar
  13. 13.
    Cheng, V., Hung, P., Chiu, D.: Enabling web services policy negotiation with privacy preserved using XACML. In: Proceedings of HICSS 2007, pp. 33–33. IEEE (2007)Google Scholar
  14. 14.
    Cranor, L., Langheinrich, M., Marchiori, M.: A P3P Preference Exchange Language 1.0 (APPEL1.0) (2002). http://www.w3.org/TR/P3P-preferences/
  15. 15.
    Cuijpers, C.: A private law approach to privacy; mandatory law obliged? SCRIPT-ed 4(4), 304–318 (2007)CrossRefGoogle Scholar
  16. 16.
    Davies, S.G.: Re-engineering the right to privacy: how privacy has been transformed from a right to a commodity. In: Technology and privacy, pp. 143–165. MIT Press (1997)Google Scholar
  17. 17.
    Evans, D.S.: The economics of the online advertising industry. Rev. Netw. Econ. 7(3), 1–33 (2008)CrossRefGoogle Scholar
  18. 18.
    Fischer-Hübner, S., Hedbom, H., Wästlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübne, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Franke, N., Keinz, P., Steger, C.J.: Testing the value of customization: when do customers really prefer products tailored to their preferences? J. Mark. 73, 103–121 (2009)CrossRefGoogle Scholar
  20. 20.
    Fujitsu Res. Inst.: Personal data in the cloud: a global survey of consumer attitudes (2010). http://www.fujitsu.com/downloads/SOL/fai/reports/fujitsu_personal-data-in-the-cloud.pdf
  21. 21.
    Gross, R., Acquisti, A.: Information revelation and privacy in online social networks. In: Proceedings of WPES 2005, pp. 71–80. ACM (2005)Google Scholar
  22. 22.
    Hansen, M.: Marrying transparency tools with user-controlled identity management. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds.) FIDIS 2007. IFIP Advances in Information and Communication Technology, vol. 262, pp. 199–220. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Hanson, C., Kagal, L., Berners-Lee, T., Sussman, G., Weitzner, D.: Data-purpose algebra: modeling data usage policies. In: Proceedings of POLICY 2007, pp. 173–177. IEEE (2007)Google Scholar
  24. 24.
    Howe, D.C., Nissenbaum, H.: TrackMeNot: resisting surveillance in web search. In: Lessons from the Identity Trail: Anonymity, Privacy, and Identity in a Networked Society, pp. 417–436. Oxford University Press (2009)Google Scholar
  25. 25.
    Janic, M., Wijbenga, J., Veugen, T.: Transparency enhancing tools (TETs): an overview. In: STAST 2013, pp. 18–25 (2013)Google Scholar
  26. 26.
    Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)CrossRefGoogle Scholar
  27. 27.
    Laudon, K.C.: Markets and privacy. Commun. ACM 39(9), 92–104 (1996)CrossRefGoogle Scholar
  28. 28.
    Lessig, L.: Privacy as property. Soc. Res. 69(1), 247–269 (2002)Google Scholar
  29. 29.
    Mankiw, N.: Principles of Macroeconomics. Cengage Learning, Boston (2014)Google Scholar
  30. 30.
    McAfee, A., Brynjolfsson, E.: Big data: the management revolution. Harv. Bus. Rev. 90(10), 60–68 (2012)Google Scholar
  31. 31.
    McDonald, A.M., Cranor, L.F.: Cost of reading privacy policies. J. Law Policy Inf. Soc. 4, 543–568 (2008)Google Scholar
  32. 32.
    Müller, G., Flender, C., Peters, M.: Vertrauensinfrastruktur und Privatheit als ökonomische Fragestellung. In: Buchmann, J. (ed.) Internet Privacy. acatech STUDY, pp. 143–188. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  33. 33.
    Nissenbaum, H.: A contextual approach to privacy online. Daedalus 140(4), 32–48 (2011)CrossRefGoogle Scholar
  34. 34.
    Nolte, C.G.: Personal data as payment method in SNS and users’ concerning price sensitivity - a survey. In: Business Information Systems Workshops. LNBIP, vol. 228. Springer (2015), to appearGoogle Scholar
  35. 35.
    Novotny, A., Spiekermann, S.: Personal information markets and privacy: a new model to solve the controversy. In: Proceedings of WI 2013, pp. 1635–1649 (2013)Google Scholar
  36. 36.
    Pearson, S., Charlesworth, A.: Accountability as a way forward for privacy protection in the cloud. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) Cloud Computing. LNCS, vol. 5931, pp. 131–144. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  37. 37.
    Posner, R.A.: The economics of privacy. Am. Econ. Rev. 71(2), 405–409 (1981)Google Scholar
  38. 38.
    Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. CACM 49(9), 39–44 (2006)CrossRefGoogle Scholar
  39. 39.
    Purtova, N.: Property rights in personal data: learning from the American discourse. Comput. Law Secur. Rev. 25(6), 507–521 (2009)CrossRefGoogle Scholar
  40. 40.
    Purtova, N.: Property rights in personal data: A European perspective. Ph.D. thesis, Universiteit van Tilburg, Tilburg (2011)Google Scholar
  41. 41.
    Schermer, B.W.: The limits of privacy in automated profiling and data mining. Comput. Law Secur. Rev. 27(1), 45–52 (2011)CrossRefGoogle Scholar
  42. 42.
    Schwartz, P.M.: Property, privacy, and personal data. Harv. Law Rev. 117(7), 2056–2128 (2004)CrossRefGoogle Scholar
  43. 43.
    Shapiro, S.P.: Agency theory. Ann. Rev. Soc. 31, 263–284 (2005)CrossRefGoogle Scholar
  44. 44.
    Spiekermann, S., Dickinson, I., Günther, O., Reynolds, D.: User agents in e-commerce environments: industry vs. consumer perspectives on data exchange. In: Eder, Johann, Missikoff, Michele (eds.) CAiSE 2003. LNCS, vol. 2681, pp. 696–710. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  45. 45.
    Spiekermann, S., Novotny, A.: A vision for global privacy bridges: technical and legal measures for international data markets. Comput. Law Secur. Rev. 31(2), 181–200 (2015)CrossRefGoogle Scholar
  46. 46.
    StatCounter: Worldwide market share of leading search engines from january 2010 to April 2015. http://www.statista.com/statistics/216573/worldwide-market-share-of-search-engines/
  47. 47.
    Stutzman, F., Gross, R., Acquisti, A.: Silent listeners: the evolution of privacy and disclosure on facebook. J. Priv. Confid. 4(2), 7–41 (2013)Google Scholar
  48. 48.
    Van Blarkom, G., Borking, J., Olk, J. (eds.): Handbook of Privacy and Privacy-Enhancing Technologies. College bescherming persoonsgegevens, The Hague (2003) Google Scholar
  49. 49.
    Varian, H.R.: Economic aspects of personal privacy. In: Lehr, W.H., Pupillo, L.M. (eds.) Internet Policy and Economics, pp. 101–109. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  50. 50.
    Varian, H.R.: Intermediate Microeconomics: A Modern Approach, 8th edn. WW Norton & Company, New York (2010) Google Scholar
  51. 51.
    Weitzner, D.J.: Google, profiling, and privacy. IEEE Internet Comput. 11(6), 95–97 (2007)CrossRefGoogle Scholar
  52. 52.
    Westin, A., Harris Louis & Associates: Harris-Equifax Consumer Privacy Survey. Technical report, 1991. Conducted for Equifax Inc. 1,255 adults of the U.S. public. Technical report (1991)Google Scholar
  53. 53.
    World Economic Forum: Personal Data: The Emergence of a New Asset Class (2011). http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf
  54. 54.
    Zimmermann, C., Accorsi, R., Müller, G.: Privacy dashboards: reconciling data-driven business models and privacy. In: Proceedings of ARES 2014, pp. 152–157. IEEE (2014)Google Scholar
  55. 55.
    Zimmermann, C., Cabinakova, J.: A conceptualization of accountability as a privacy principle. In: Business Information Systems Workshops. LNBIP, vol. 228. Springer (2015), to appearGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.University of FreiburgFreiburg im BreisgauGermany

Personalised recommendations