Fretting over privacy

Larry Ribstein —  28 March 2011

Gordon Crovitz, writing in today’s WSJ, notes that news that more than half of Americans over 12 have Facebook accounts powerfully suggests that people don’t care that much about “trading personal information for other benefits.”  He asks, “why is Washington so focused on new privacy laws?”  He’s referring, e.g., to the Obama administration’s call for a “privacy bill of rights.”

Crovitz notes that “[i]n exchange for passively letting advertisers know enough about us to deliver more relevant marketing messages, we get many otherwise free services on the Web. If we have to see advertisements, at least they’re not completely irrelevant or inappropriate.” There’s also “the unintended consequences of regulation.” 

Indeed, as Kobayashi and I wrote several years ago in State Regulation of Electronic Commerce:

Regulators’ estimates of [privacy] values higher than those reflected in market transactions might be wrong. If so, they might reduce rather than increase individual autonomy, as by preventing people from effectuating their shopping preferences through cookies. This suggests that government should move carefully in second-guessing market decisions.  One way it could do so is by maximizing exit through an emphasis on state, rather than federal, regulation.

My blogging colleague Paul Rubin more recently called for a more careful cost-benefit analysis of privacy regulation, here and here. In the latter post he noted:

We do not understand that we can be “tracked” but that no one is tracking us.  That is, data on our searches may exist on a server somewhere so that the server “knows” it, but no human knows it.  We don’t intuitively grasp this concept because it it entirely alien to our evolved intelligence.

In other words, the whole concern may be based on a cognitive error.

So how do we know how far to go?  We don’t.  Which is why any regulation here should be careful and incremental, with appropriate opt-ins, opt-outs, sunsets and limitations.  As Kobayashi and I argued in the above article, we might even consider leaving this to state competition, made practicable even for the global internet by sophisticated tracking and blocking technology.

Larry Ribstein


Professor of Law, University of Illinois College of Law

2 responses to Fretting over privacy


    I agree that we should have carefully crafted rules concerning privacy and the issue should not be approached in knee jerk fashion, but I can’t agree that the tracking you describe is quite so innocuous. First there is the issue of whether you will be targeted by advertising which may frame or structure your decision-making in a way that you might prefer that it not. This is the issue in the Sorrell case and knowledge of doctors’ prescription practices. Many doctors know why this information is valuable to pharmaceutical companies and want ex ante to opt out of a system that may permit drug reps to know more about the doctors’ practices (and thus how to pitch) than they would without this info. Does the info make the pitches more efficient from the companies’ perspective. Certainly. Do the doctors and the drug companies have the same definitions of efficiency? Not necessarily. In any event one can quibble about how often data that is accumulated is used by companies with something to sell in a way that the target might view as undesirable or manipulative. This is an empirical question without a clear answer. What is less open to dispute is that while it may be true that *in general* no one “knows” this information – just a search, as someone who teaches evidence, I can assure you that the fact that it exists means that it may be subpoenaed in the appropriate case. For example, many makes of cars have digital data recorders in them that are constantly tracking rates of speed and other data. Most of the time no one “knows” this data. It is simply being passively accumulated and is accessed by no one. Unless there is an accident. Then, where these digital black boxes exist they can provide critical information on the accident. That might be all to the good in most cases. Less clear are the cases where this information may be used by government investigators. As we can see from the cases of the phone companies which turned over their customers cell phone records to the government on national security grounds without even asking for a subpoena, it seems to me the fact this wealth of information is collected makes it well nigh irresistible to the government as of a potential source of information. And if there is no reason to imagine that the private entities collecting that information are likely to guard it against governmental requests, it might as well be the government which is collecting it. And I presume (perhaps incorrectly) that you would view the privacy issue somewhat differently if this was a matter of information being collected by the government.

Trackbacks and Pingbacks:

  1. Finger on the Pulse: From Our Blogroll and Beyond « The Legal Pulse - April 1, 2011

    […] Is there a risk of overkill in protecting online privacy? (Truth on the Market) […]