The "Hidden Cost" of Privacy
Forbes ran an article talking about the “hidden” cost of privacy. Basically, the point was that privacy regulations are expensive to comply with, and a lot of that expense gets eaten up by the mechanisms of compliance and doesn’t go toward improving anyone’s actual privacy. This is a valid point, and one that I make in talks about privacy all the time. It’s particularly bad in the United States, because we have a patchwork of different privacy laws covering different types of information and different situations, rather than a single comprehensive privacy law.
The meta-problem is simple to describe: those entrusted with our privacy often don’t have much incentive to respect it. Examples include: credit bureaus such as TransUnion and Experian, who don’t have any business relationship at all with the people whose data they collect and sell; companies such as Google who give away services—and collect personal data as a part of that—as an incentive to view ads, and make money by selling those ads to other companies; medical insurance companies, who are chosen by a person’s employer; and computer software vendors, who can have monopoly powers over the market. Even worse, it can be impossible to connect an effect of a privacy violation with the violation itself—if someone opens a bank account in your name, how do you know who was to blame for the privacy violation?—so even when there is a business relationship, there’s no clear cause-and-effect relationship.
What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won’t work to solve the problem. Because the efficient market solution won’t work, we’re left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible? I have some suggestions:
- Broad privacy regulations are better than narrow ones.
- Simple and clear regulations are better than complex and confusing ones.
- It’s far better to regulate results than methodology.
- Penalties for bad behavior need to be expensive enough to make good behavior the rational choice.
We’ll never get rid of the inefficiencies of regulation—that’s the nature of the beast, and why regulation only makes sense when the market fails—but we can reduce them.
echobeach2 • June 15, 2009 7:20 AM
My opinion is the battle/war is lost. How about we enable an apparatus such that we can “proxy” our identity at all times … a grown-up avatar that we use. That is the identity we use, and is linked to the real person with PKI. That identity establishes a credit rating, and hence we protect it, but never has to be traced to us, yet we can operate it through PKI.