Privacy Cost-Benefit Analysis

Paul H. Rubin —  13 March 2011

As I mentioned in my previous post, there is a strong effort to regulate the use of information on the web in the name of “privacy.” The basic tradeoff that drives the web is that firms use information for advertising and other purposes,and in return consumers get lots of things free.  Google alone offers about 40 free services, including the original  search engine, gmail, maps, and the increasingly popular android operating system for mobile devices. Facebook is another set of free services. There are hundreds of others, all ultimately funded by advertising and the use of information.  Any effort to regulate information is going to change the terms at which these services are offered.

To justify regulation, two conditions must be met.  First there must be some market failure.  Second, there must be at least an expectation that the benefits of the proposed regulation will outweigh the costs.  In a market economy, we generally put the burden of proof on those proposing regulation, since the default assumption is that markets provide net benefits.  Proponents of regulating the use of information on the internet have met neither of these burdens.

One main justification for regulation is that people do not want to be tracked. I discussed this issue in my previous post.  Let me just add that, while people express a desire not to be tracked, in practice they seem quite willing to trade information for other services.  The other issue is identity theft — the possibility that information will be misused for illegitimate purposes.  Tom Lenard and I have written extensively about this issue. The bottom line, however, is that consumers are not liable for much if any of the costs of identity theft, and since firms must bear these costs there is no obvious market failure.

With respect to the second issue, there has been virtually no effort to undertake any cost benefit analysis of the proposed regulations.  However, if there were such an analysis, it is unlikely that regulations would be cost justified since the benefits of the free stuff are huge and the costs are small at best.  While it is conceivable that some tweaking would pass a cost-benefit test, it is very unlikely that any regulation which could get through the political process and then be administered by an agency such as the FTC would in fact pass this test.  Moreover, the proposed regulations, such as a “do not track” list or shifting from opt out to opt in are well beyond “tweaking” and might fundamentally change the terms of the tradeoff.

The bottom line is this:  Privacy advocates act as if privacy is free.  But increased privacy means reduced use of information, and no one has shown that altering the terms of this tradeoff would be beneficial to consumers.

Paul H. Rubin


PAUL H. RUBIN is Samuel Candler Dobbs Professor of Economics at Emory University in Atlanta and formerly editor in chief of Managerial and Decision Economics. He blogs at Truth on the Market. He was President of the Southern Economic Association in 2013. He is a Fellow of the Public Choice Society and is associated with the Technology Policy Institute, the American Enterprise Institute, and the Independent Institute. Dr. Rubin has been a Senior Economist at President Reagan's Council of Economic Advisers, Chief Economist at the U.S. Consumer Product Safety Commission, Director of Advertising Economics at the Federal Trade Commission, and vice-president of Glassman-Oliver Economic Consultants, Inc., a litigation consulting firm in Washington. He has taught economics at the University of Georgia, City University of New York, VPI, and George Washington University Law School. Dr. Rubin has written or edited eleven books, and published over two hundred and fifty articles and chapters on economics, law, regulation, and evolution in journals including the American Economic Review, Journal of Political Economy, Quarterly Journal of Economics, Journal of Legal Studies, and the Journal of Law and Economics, and he frequently contributes to the Wall Street Journal and other leading newspapers. His work has been cited in the professional literature over 8000 times. Books include Managing Business Transactions, Free Press, 1990, Tort Reform by Contract, AEI, 1993, Privacy and the Commercial Use of Personal Information, Kluwer, 2001, (with Thomas Lenard), Darwinian Politics: The Evolutionary Origin of Freedom, Rutgers University Press, 2002, and Economics, Law and Individual Rights, Routledge, 2008 (edited, with Hugo Mialon). He has consulted widely on litigation related matters and has been an adviser to the Congressional Budget Office on tort reform. He has addressed numerous business, professional, policy, government and academic audiences. Dr. Rubin received his B.A. from the University of Cincinnati in 1963 and his Ph.D. from Purdue University in 1970.

5 responses to Privacy Cost-Benefit Analysis


    While out of pocket costs per victim were $631, total cost of each incident was $4600 ( so that firms still bore 86% of the total cost. This creates a strong incentive for businesses to reduce these costs, and the article cited by Bob23 indicates that this is the case.


    This post is filled with so many distortions that it’s hard to know where to begin. Let’s just take one.

    “The bottom line, however, is that consumers are not liable for much if any of the costs of identity theft, and since firms must bear these costs there is no obvious market failure.”

    I suggest that anyone who believes this is not aware of the reality that identity theft can place a tremendous burden on victims. Look at any reports on ID theft, and victims report that they spend hours and hours trying to find and stop the effects. It can easily take months or years. The notion that firms bear the costs of ID theft ignores the reality that victims face. Here’s an actual FACT (something absent from the post above):

    “Out-of-pocket costs to victims rose to $631 in 2010 from $387 in 2009”

    So much for “no obvious market failure.” The exercise of finding other distortions in the original post is left as an exercise to the reader. The great thing about the Internet is that anyone can post what they want, set up a standard, and “prove” he is right. You stick in your thumb and pull out a plum….

Trackbacks and Pingbacks:

  1. Fretting over privacy « Truth on the Market - March 28, 2011

    […] Paul Rubin more recently called for a more careful cost-benefit analysis of privacy regulation, here and here. In the latter post he […]

  2. Privacy Cost-Benefit Analysis | Brucetheeconomist's Blog - March 17, 2011

    […] Privacy Cost-Benefit Analysis Paul H. Rubin Sun, 13 Mar 2011 23:55:55 GMT […]

  3. Proposed Privacy Legislation « Truth on the Market - March 16, 2011

    […] Comments Paul H. Rubin on Privacy Cost-Benefit AnalysisBob23 on Privacy Cost-Benefit AnalysisMitchieville » Blog Archive » The Top 10 […]