Economically, privacy can be understood as a problem of social cost, where the actions of one agent (e.g., a mailing list broker) impart a negative externality on another agent (e.g., an end consumer). Problems in social cost can be understood by modeling the liabilities, transaction costs and property rights assigned to various economic agents within the system, and can be resolved by reallocating property rights and liability to different agents as needed to achieve economic equilibrium. This article examines how advances in high speed networking and data storage have radically reduced the costs to businesses of collecting, storing, manipulating and exchanging large amounts of personally identifying information on consumers, and the policy implications that these cost reductions have on property rights over personal information. A complementary economic and legal system that recognizes individual property rights over personal information is suggested as a way in which to greatly accelerate the adoption of electronic commerce and to extract inefficiencies from the already existing marketplace for personal information.
What are Transaction Costs?
The Impact of the Internet on Transaction Costs Privacy as a Problem of Social Cost
The Problem of Social Cost
Solutions to the Problem of Social Cost Property Rights over Personal Information Redefining the Market for Privacy Public Concerns Raised by Privacy Rights Clarifications on Personal Information Property Rights Conclusion
I am a pretty big fan of the X-Files, and I prefer buying DVDs to renting videos since it really annoys me to keep track of what I rented when. So when I heard that all the X-Files episodes from season one had been released on a Collector's Edition DVD, I got pretty excited and decided I had to go out and buy the entire collection. I jumped in my car, drove to Tower Records, searched around for a small parking spot and went inside to look for the DVDs. After about ten minutes of messing around in the video section without much luck, I asked a clerk if they even had the X-Files Collector's Edition DVD, and if so, could he point me to it. About ten minutes later the clerk came back and informed me that no, unfortunately it was not in stock, but if I wanted to, he could put my name and number on a mailing list and notify me when it arrived.
By then, I had become pretty disillusioned and did what I probably should have done in the first place: I got back in my car, drove home and ordered the X-Files Collectors Edition DVD set from Amazon. The DVDs arrived two days later and I spent the next weekend in front of the television watching Moulder and Sculley solve one baffling case after another.
This fairly boring story illustrates a very important, if rather obvious, fact about electronic commerce: using the Internet saves people not just money, but more importantly, time and effort. It saves me from getting in my car, driving around town, finding a parking spot, looking for a piece of merchandise and then standing in line to pay for it. An economist would say that the Internet allows buyers to economize (quite handsomely) on transaction costs. This is an important point, and its impact for online privacy is far more significant than most privacy advocates today realize. This article looks at the ways recent advances in information technology have impacted transaction costs and data privacy, and suggests ways to create market-based solutions for consumer data privacy concerns that involve only minimal government regulation, oversight and enforcement.
What are Transaction Costs?
There is often a large amount of effort that goes into choosing, organizing, negotiating and entering into even the most mundane contracts. The costs associated these efforts are called transaction costs, and are generally independent of the price of the contracted product or service itself [ 1]. Transaction costs stem from a wide variety of sources and are believed to represent over one third of all economic activity in the United States. In less developed economies, transaction costs are thought to make up an even higher fraction of the overall GDP [ 2]. Examples of contracts that typically have high transaction costs include choosing a telecommunications provider for a small business, planning and executing a multi-national corporate merger, hiring a senior software executive or buying a new car. Examples of contracts with (relatively) low transaction costs include purchasing a book online at Amazon or downloading your favorite song from Napster.
The concept of transaction costs was first introduced in the late 1930s by a British graduate student named Ronald Coase. At the time, Coase was in the United States studying corporate structure and trying to determine why some industries are organized into only a few large firms, while others are organized very differently. The answer he arrived at was a concept he called "marketing" costs, or what has since become known simply as transaction costs [ 3], [ 4]. Today, transaction cost economics is used largely to explain phenomena such as vertical integration, outsourcing, corporate governance and the boundaries of the firm. For instance, the fact that franchise auto dealerships exist and that automakers do not, in general, forward-integrate to include dealerships in their corporate fold is largely a result of the transaction costs involved in retail-specific contracts , [ 6].
In 1958 Coase broadened his model to include consideration of the laws by which contracts are enforced. He undertook this work largely in response to questions at the U.S. Federal Communications Commission (FCC) over how to most efficiently allocate the broadcast spectrum. The solution Coase arrived at was powerful but radical: that government itself could create a market for scarce goods for which there would otherwise be no market [ 4]. Coase realized that the root of many market failures was the improper definition of legal rights, and that once property was well defined and easily tradable, an efficient market solution could quickly follow. This concept led to a general model now called the Coase Theorem that outlines the subtle interrelationships between property rights, transaction costs and liability. The Coase Theorem is widely recognized as one of the most important pieces of 20th century economics and Coase went on to win the 1991 Nobel Prize in Economics for his work in the field , [ 7].
For the FCC, Coase proposed that property rights be assigned to various portions of the radio spectrum to a create market for broadcasting rights. This was in stark contrast to FCC tradition, which had historically regarded the spectrum as public property and therefore subject to government license and regulation. In reality, it took the FCC nearly 35 years (until the mid-1990s) to begin implementing the Coase model and licensing the radio spectrum through a competitive bidding process [ 8, 9]. Today, despite occasional hitches in the auction process itself, most observers agree that the new spectrum auctions are far more efficient and fair than the earlier licensing approach, and that the auctions have created substantial value for both the government and wireless operators alike.
The Coase Theorem is an extremely useful tool for examining cases of liability where the market alone has apparently failed to create an efficient solution. It has been applied most notably to accident law and cases involving environmental pollution. In fact, the market is often highly effective at resolving such disputes, but only after legal and property rights have been clearly defined by the government (as illustrated in the FCC example). Application of the Coase Theorem to personal information property rights would help clarify much of the confusion and chaos currently surrounding the online privacy debate. To see why, it is important to understand how recent advances in information technology have steadily reduced certain types of transaction costs.
The Impact of the Internet on Transaction Costs
As evidenced by the recent meltdown on the Nasdaq stock exchange, the Internet is an exceedingly difficult medium on which to construct viable business models. This is partly a result of the medium's origins in academic research and military applications: the Internet was not, and could never have been, created through the traditional "market" forces of the commercial world. For this reason, it is important that business leaders appreciate the peculiar economic realities of interactive media before applying the Internet as an instrument of commerce. Arguably, the most significant and lasting impact of the Internet on the business community has been the steady and relentless reduction of transaction costs for nearly every imaginable commerce model, and it is precisely these cost reductions that have made the Internet such a perplexing medium in which to conduct business.
Transaction costs are so firmly ingrained in the physical world that we largely take them for granted and naturally incorporate their effects into our business thinking when we move online. In the physical world, most industries are arranged into long and complex value chains, the shapes of which are largely organized by transaction costs. These value chains are moreover often populated with middlemen who prosper by taking a "cut" out of every transaction they organize within their sphere of influence. Since the process of changing key suppliers and distributors in the physical world is so lengthy and involved, most buyers and sellers simply live with the "cut" imposed by middlemen rather than attempt to economize on transaction costs.
On the Internet, the transaction costs associated with most forms of commerce largely disappear (or at least decrease by several orders of magnitude). This does not necessarily imply that middlemen have no place on the Internet - there is ample evidence to suggest that many new types of intermediaries will prove quite successful online. The key difference, though, is that these new intermediaries will have to find ways to survive in an environment where certain forms of transaction costs have largely evaporated.
Online enterprises that attempt to artificially integrate and profit from transaction costs have had the most trouble staying in business recently. Business-to-business exchanges are perhaps the most visible example of this phenomenon. Chemdex, Promedix and Dell Marketplace have all recently shut down, and most remaining b-to-b exchanges are not expected to scale to liquidity successfully. Although the b-to-b exchange model has undergone rapid evolution since its inception, one major mistake many early exchanges made was to attempt to draw revenue by charging participants a "cut" of every transaction organized through the exchange. Appealing as it might seem, this has proven to be a highly unstable revenue model for online commerce precisely because it attempts to assign a fixed "cost" to every transaction. The Internet has proven quite successful at "routing around" such fixed transaction costs.
Many online brokerages have profit models quite similar to b-to-b exchanges, generating revenue from commissions on every trade they organize. Although the majority of online brokerages remain in business today since they have scaled to liquidity much more easily and rapidly than b-to-b exchanges, this has not precluded rapidly shrinking profit margins in the sector as brokerages aggressively compete on increasingly lower commissions (transaction costs).
On the other end of the spectrum, online enterprises that either by design or by accident have built business models that assume a "zero-transaction cost" commerce model have enjoyed wild success. Napster is perhaps the most explosive (if illegal) such example. At its peak (before court-ordered injunctions reduced its utility), roughly 65 million people worldwide used Napster to trade and listen to MP3-encoded music at virtually zero transaction costs. No need to drive to the record store, look for the right CD that has eight other songs you will never listen to and then wait 20 minutes in the checkout line. No need to store, manage and mess around with hundreds of clumsy CDs. Just type in the name of what you want to listen to, and it automagically appears on your computer seconds later.
Amazon similarly has built a commerce model that saves consumers substantial amounts of time and effort over shopping at more conventional book and media retailers. There will always be some shoppers that prefer the option of physically going to a bookstore, both for the social experience and to be handle and examine merchandise before buying it. However, books and DVDs are unique in that often buyers know exactly what they want and need before going to the store. Amazon allows such shoppers a way to quickly point, click and purchase, saving a significant amount in transaction costs over more traditional channels.
Falling transaction costs can have a number of potentially negative impacts on privacy. One poignant example involves the U.S. federal court system, which maintains a large amount of very sensitive and revealing personal information gathered through the proceedings of the criminal justice system. Since the inception of the U.S. court system, this information has laid buried deep within paper filing cabinets in courts across the country. By federal law, these filings always been open to public inspection, but as was the case with the Tower Record example, anybody who wanted to look up this information had to drive to the county courthouse, complete the required paperwork, pay a modest processing fee and probably wait quite a while before the records were retrieved [ 10], [ 11].
This technological imperfection created an architectural constraint that served to protect privacy. In the age of instant electronic information access, however, barriers based on physical limitations are rapidly going away. Courts are increasingly making their case filings available online, making it possible to obtain a copy of a lawsuit or a criminal indictment as easy as clicking a mouse [ 12]. While these moves may be welcomed by private investigators, journalists and others who depend heavily on public records, the fact that such filings contain sensitive information such as social security numbers, bank accounts and other secret information raises the serious possibility of criminal misuse. A 32-year old busboy from Brooklyn, New York was recently able to steal millions of dollars from the likes of Steven Spielberg, Martha Stewart, George Lucas, Sumner Redstone, Oprah Winfrey, Ross Perot, George Soros, Warren Buffet, Ted Turner, Larry Ellison, Michael Bloomberg, David Geffen, Barry Diller and Michael Eisner by using secret, personally identifying information he obtained from Equifax, TRW and Experian [ 13]. Indiscriminately opening U.S. court filings on the Web could expose millions of Americans to a similar risk of identity theft.Despite the apparently negative impact that the Internet has had on personal privacy to date, ironically it is possible that for the first time, the Internet gives consumers the tools they need to control their personal information and deny third parties access to it without authorization or compensation. The radical drop in transaction costs catalyzed by the Internet is actually the very key to creating an information architecture that maximizes the privacy of individual consumers while increasing the value of personal information to the businesses that collect and use it. To understand why, it is important to first look more closely at the Coase Theorem and the impact that it has on property rights and liability rules for personal information.
Privacy as a Problem of Social Cost
Social cost is a concept introduced by Coase in his landmark 1960 paper "The Problem of Social Cost" [ 7]. It can loosely be described as what happens when a business does something that has a negative impact on someone else. An example might be a factory that produces steel using iron ore, coal and other raw materials (including, importantly, "clean" air). As a byproduct of steel production, this factory might produce sulfuric acid that in turn causes corrosion and disease in populations located downwind from the factory. An economist would say that the steel factory creates a negative externality on the community around it. You might also think of it as just plain bad karma.
Since the popular media routinely positions data privacy as the Information Age equivalent of environmental pollution, it is interesting to compare privacy to pollution from an economic perspective. Since the Coase Theorem has been widely used to model and resolve a number of environmental pollution issues, it is somewhat surprising that consideration of its potential impact on personal information rights has been largely absent from the privacy debate until now.
It is widely accepted that pollution is something entirely bad and therefore must be curtailed to the greatest extent possible. Many people believe that zero pollution is the only acceptable environmental solution. In fact, this is not necessarily the case: pollution is responsible for both good things and bad things. Companies do not pollute just for the sake of polluting; they pollute because it is a cheaper way of producing something of value. The cheaper means of production is good; the loss in value caused by pollution is bad. To arrive at the most efficient means by which to correct pollution, both sides must be considered and a balance must be achieved [ 14]. This analysis will also lead to insights on how to most efficiently solve the data privacy problem.
The Problem of Social Cost
Consider first the case of the polluting steel factory. The factory has a fixed supply of assets used in the course of production, including iron ore and coal, whose costs are internalized by the factory and accounted for when it calculates profit and loss statements (thereby measuring its efficiency). In reality, the factory also makes copious use of "clear air" during production, but the cost of this asset is external to the factory and is not (normally) accounted for. Instead, the cost created by the factory's consumption of clean air is passed on to the surrounding community in the form of pollution [ 15].
From a macro-economic viewpoint, this means the steel factory is potentially very inefficient. Ideally, the factory should only produce steel if the end product is worth more than the total cost of production. As long as the factory does not factor in the external cost of pollution into its profit and loss statements, it may appear superficially to be efficient. However, the means of production in this case are directly linked to a significant external cost (externality) in the form of pollution, and if the cost of pollution is sufficiently high, the total cost of production (pollution costs inclusive) may be more than the steel is worth. A second source of inefficiency also occurs since even though the factory may be able to control pollution to some degree by itself (for instance, by installing air filters), if the factory has no incentive to bear the cost of pollution, it will not do so. These two factors conspire to potentially create an inefficiently high level of steel production and an inefficiently low level of pollution control, respectively [ 15].
Information asymmetry and the resulting high monitoring costs that consumers face leads naturally to over-disclosure of personal information by the companies that collect it. Much like the unregulated, polluting steel factory, companies collecting large amounts of personal information are able to internalize the gains from using and selling private data, while externalizing most of the negative impact that results from these practices. Consumers will rarely learn of data misuse directly, so the company can often get away with using personal information in ways that consumers would not have freely bargained for. The market has not only failed to discipline companies that misuse personal information, but has created a systemic incentive for over-disclosure of private data [ 16].
Prior to Coase's work in 1960, conventional wisdom suggested two possible approaches to problems involving social cost. The obvious solution is direct government oversight in the form of industry regulations. This approach may lead to a more efficient level of pollution control by preventing the factory from exceeding certain pre-defined environmental standards, but it involves hidden costs paid for by all taxpayers (not just those downstream from the factory) in the form of monitoring and enforcement measures [ 15].
There are other problems with government regulation as well. In order to be effective, government policy makers must be well informed and must seek to achieve the public good in all cases. The less informed and competent the officials are, the higher the cost of regulation and the lower its benefits. More importantly, regulators might not always seek to achieve the public good. They may instead by influenced by powerful lobbyist groups or seek to increase the power of their agency [ 16].
It is interesting to consider the case of the European Union, where privacy regulation has been popular for a number of years [ 17]. The 1998 European Union Data Directive requires countries doing business with companies in the European Union to abide by fair information principles and other proactive privacy standards. A number of countries from around the world (including Canada, Australia and Chile) have adopted national data protection standards so as to comply with the EU standards, although the United States remains a hold-out and currently conducts business with the EU under a safe harbor agreement. Interestingly, a January 2001 study from Consumers International indicated that EU Web sites in general offer visitors quantifiably less privacy than in the United States, where privacy regulations (at least for the Internet) have been largely non-existent [ 18]. The obvious question then is whether or not government regulation really is the most efficient solution for consumer privacy concerns?
Returning to the example of the steel factory, the second pre-Coasian approach to social cost involves a system whereby the factory is forced to internalize the external cost of pollution in the form of emission fees paid directly to the government. This system is called "Pigouvian taxes" and the idea is that the government charges the factory for the amount of pollution damage it is causing and in so doing creates an incentive for the factory to purchase pollution control equipment (since by reducing pollution, the factory will reduce its emission fees). The factory must now financially account for pollution in its profit and loss statements, and will weight the benefits of pollution control against its cost. The end result (ideally) is that the factory produces an efficient amount of steel with an efficient amount of pollution control in place. Pigouvian taxes (emission fees) require the government be able to measure (to a reasonable degree of precision) how much damage the pollution is causing [ 15].
Pigouvian taxes per se are not entirely relevant in the context of data privacy. No one in Congress is suggesting that the government measure the amount of economic damage caused by loss of privacy and impose a tax or fee on all companies handling personally identifying information to cover this cost. Emission fees are included in the pollution model only to create financial pressure for the steel factory to self-regulate.
For privacy there is, however, a corresponding financial pressure that incentivizes self-regulation. It comes not from a government-imposed tax, but rather from the media's relentless attention on specific companies that have compromised customer privacy. Negative media scrutiny inevitably results in decreased customer acquisition rates for the targeted companies and contributes to a general sense of consumer distrust. Actual and perceived misuse of personal information collected from existing customers also creates downward pressure on a company's revenue stream. These costs and factors are difficult for companies to quantify, but the financial losses due to privacy concerns are real and largely have the same net effect that Pigouvian taxes do in the pollution model [ 19]. The better the company protects the privacy of personal data, the less negative attention it attracts from the media, and the more customers is it able to attract and retain.
Solutions to the Problem of Social Cost
Whether or not government regulation is actually the most efficient way to protect privacy, it is clear that a significant market failure has occurred concerning ways in which companies collect and use personal information. Self-regulation does not work efficiently (if it did, there would be no media scrutiny that imposes a financial pressure on firms handling personal information analogous to Pigouvian taxes). What the Coase Theorem shows is that oftentimes, there is a third alternative that should be considered in such cases: the redefinition and reallocation of property rights.
The most important thing to realize about social cost is its reciprocal nature. Returning to the example of the steel factory, we have until now been looking at ways in which the steel factory (A) harms the land owners (B) who live downwind from the factory. The discussion has focused entirely on how we can restrain A (either through government regulation or emission fees) from harming B [ 7], [ 15]. The idea is that the less that A harms B, the less of a negative externality there is. This, in turn, means that everyone will be better off in the long run.
In fact, social cost always arises as the result of a joint decision: in this case, the decision of A to pollute and the decision of B to live where they live. It is true that A did not pollute, then B would not be damaged. But on the other hand, if B did not live downwind from A, then B would likewise not be damaged and there would be no social cost in that case either [ 15]. It may seem that moving pollution victims around is not a very plausible way to solve air pollution problems. After all, even the most austere air quality control standards imaginable are still cheaper than moving all of southern California to a place with clean air [ 15]. There are, however, a number of small-scale pollution cases where this is a viable option. For instance, the owners a golf course may be experiencing pollution of air or water from a nearby factory, and it may be substantially cheaper to relocate the golf course rather than implement pollution control measures at the factory.
With data privacy, we have a similar situation. Most of the discussion in Washington and elsewhere has focused on identifying the ways that information collectors (direct marketers, Web sites, list brokers, retail outlets) harm individual consumers. The debate then examines how we can restrain information collectors (either through government regulation or media scrutiny) from harming the consumers that provide personal information. Little attention is paid to the fact that privacy problems can only be created by a joint decision of both consumers and collectors to exchange personal information.
The fact that social cost is a joint product of the actions of both A and B is important because it implies that assigning liability to one particular party (or the other) is correct (in terms of efficiency) only if the liable party that can amend the externality at the lowest possible cost. Today in the United States, privacy is in general protected by a system of liability rules [ 20]. An example of liability in action is the string of lawsuits that hit DoubleClick in early 2000 after the company announced plans to merge its database of online surfing behavior with Abacus Direct. Abacus, a direct marketing company based in Colorado, maintains records detailing over one billion retail transactions and was acquired by DoubleClick in 1999. The announcement of the proposed database merger between the two companies created a flurry of legal activity, and by February 2000, four lawsuits against DoubleClick had been filed with the U.S. Securities and Exchange Commission. Three were class-action lawsuits, citing federal electronic privacy laws and the fourth was based on a California statute.
This incident played out the way it did because our current legal system manages privacy using a system of liability rules [ 20]. Companies like DoubleClick and Abacus Direct collect personal information as part of their overall business model and use it however they want. If consumers feel their information has been misused in some manner, they are free to hold the companies liable and sue for damages. What Coase shows, however, is that holding DoubleClick liable in this way only makes sense when DoubleClick is able to resolve privacy disputes arising from personal information misuse more cheaply than individual consumers acting independently could. As we will see shortly, the technology exists to let consumers exercise greater control over personal information, possibly making such legal action obsolete (as long as property rights are correctly assigned).
The second important point about social cost is that as long as the two parties involved can readily make and enforce contracts in their mutual interest, the marketplace itself will arrive at the most efficient resolution to the problem. All that is required is a clear definition of who has the legal right to do what (in order words, property rights) and the marketplace will take care of the rest [ 15].
To examine the role that contracting plays in social cost, we should frame the steel factory case in more specific terms. Suppose that the landowners in question own a golf course, and that pollution from the factory makes use of the land for golf impossible. It is possible for the owners to convert the land so that it can be lumbered for timber, but that is not the state it is in currently.
There are two cases to consider. The first case is when pollution is efficient, meaning that pollution control costs more than land conversion does. In this case, the land will always be converted for timber use, no matter how property rights to clean air are allocated between the factory and the landowners. Suppose it costs the factory $80,000 annually to install clean air filters, and it costs $50,000 annually to convert the golf course. If the factory owns the rights to clean air, it will pollute all day long and the landowners will be forced to convert their land anyway. If the landowners own the right to clean air, the factory will find it cheaper to compensate the owners $60,000 annually for "licensing" the use of clean air from them. The landowners will accept this since it covers the cost of converting the land with some extra money left over [ 15].
So pollution, when efficient, always wins. Unfortunately, this does not bring us any closer to understanding who should own the property rights to clean air in the first place. The answer to that question is, simply enough, transaction costs. Remember that transaction costs are those costs associated with choosing, organizing, negotiating and entering into contracts, and that they are independent of the contracted product or service per se (in this case, the transaction costs are independent of the $50,000 and $80,000 cost of land conversion and pollution control, respectively).
It is impossible to say which option is more efficient without injecting more detail into the case study. Superficially, it would appear (from a transaction cost standpoint) that giving the clean air property right to the factory is simpler, since in either case the land will be converted and if the factory owns the property right, both parties will economize on transaction costs by not entering into lengthy "licensing fee" negotiations for the right to use clean air (as would be the case if the land owners had the property right). The exact answer is dependent on case-specific details that are beyond the scope of the this article, but the point is that property rights are given to the party that can reach equilibrium with the least cost (the least cost avoider).
A similar set of arguments can be made when pollution is inefficient, meaning that it is cheaper to control pollution that it is to convert the land. In this case, pollution is always controlled, no matter who owns the rights to clean air. Suppose that it costs $50,000 annually to covert the land and $20,000 annually for the factory to install clean air filters. If the factory owns the rights to clean air, the most it will pay for the right to pollute is $20,000 annually, and the landowners will turn this offer down because it does not cover the cost of land conversion. If the landowners have rights to clean air, then they will compensate the factory with $20,000 annually to cover the cost of installing clean air filters. Again, which party gets rights to clean air depends on which path is the cheapest in terms of transaction costs [ 15].
Property Rights over Personal Information
Personal information first became a valuable commodity in our economy at least 30 years ago when credit cards first started becoming popular. Since that time, the ways in which commercial "profile" information on consumers is collected has expanded to include supermarket reward cards, friend-and-family telecommunications offers, mail-order catalogs, various sweepstakes and prize offers, warranty registration cards and a number of other vehicles. Using Internet technology like that available from DoubleClick, it is even theoretically possible to link offline-purchasing profiles with online surfing patterns.
At the same time, the economic utility of this information continues to decrease rapidly. Less people than ever read junk mail and click through rates on banners ads is below 0.5% and sinking fast. Consumers have instead become increasingly sensitive to privacy and are less willing to give up personal information than they have been in the past. It is clear that "self-regulation," as the term is commonly used, is inefficient and can only lead to further market failures.
Coasian allocation of property rights (property right allocation based on transaction costs) has produced the most economically efficient solution to problems of social cost in nearly every case where it has been applied. The fact that self-regulation is inefficient (and it is or else DoubleClick would not be getting sued and media scrutiny would not be causing customer attrition) suggests that a more efficient solution could be created given the proper allocation of property rights.
Personal information may have first become valuable 30 years ago, but at that time we lacked the technology to address data privacy using Coasian techniques. Today, that technology is readily available, and it is slowly making its way into IT departments across America.
From an IT perspective, there are two significant challenges facing a Coasian approach to data privacy. The first is the inability of consumers to contract with companies over the collection and use of their personal information. Without a contract by which to enforce rights to it, the concept of property is a meaningless. Web sites have gradually begun posting privacy policies and P3P is now an industry standard by which this process is computerized. But these techniques involve only "online" data transfers and only at sites that actually post their privacy policies or P3P statements. It does not address the much larger and more valuable data flows that occur within the direct marketing, financial service and health care communities, and provides no guarantees that enterprises will actually manage personal information as promised in their privacy policies.
It is only recently that enterprise-grade products like the PrivacyRight TrustFilter have emerged that allow organizations to create and enforce privacy policies and other customer-specific data contracts consistently throughout their enterprise.
The other major impediment to personal information property rights is the large information asymmetry that exists between companies and consumers. It is difficult for consumers to trust the information handling practices of an organization if they cannot verify what it is doing.
There is no one clear answer to this problem, but the Code of Fair Information Practices is a good place to start. Prepared in the 1970s by the U.S. Department of Health, Education and Welfare, the code outlines key policy practices that are intended to protect personal information from abuse by organizations. It is probably the most powerful tool currently available for reducing the information asymmetry between organizations and individuals that is responsible for the social cost of privacy [ 21]:
- Notice: organizations collecting personally identifying data disclose their information collection practices before collecting personal information from consumers.
- Choice: there must be a way for individuals to prevent their personally identifying information, granted for one purpose, from being used for another purpose unless they give prior consent.
- Access: there must be a way for an individual to learn what personally identifying information is stored in a record and how it is used, and there must be a way for that person to correct their identifying records.
- Security: any organization collecting, maintaining, using or releasing personally identifiable information must ensure the reliability of the data for its intended use and take precautions to prevent misuse of the data.
Abiding by fair information principles was difficult for companies to do in the pre-Internet era. Before the Web, customer interactions typically took place through a telephone call placed by a customer service representative, and could cost the company as much as $7-8 per call. This gave businesses a substantial incentive to economize on such communications as much as possible.
More importantly, it would be cumbersome and awkward to express opt-in or opt-out preferences using a telephone, and nearly impossible to inspect an audit trail of disclosures of personally identifying information. Before the rise of the Internet as a business tool, most companies did not even consider offering privacy services, since the cost of delivering them was simply too high. Per the Coase Theorem, because this cost was so high, the companies collecting personal information were the least cost avoiders and therefore retained the property rights to the information.
With the advent of Internet technology, however, the cost of the transactions and services businesses must support to ensure customer privacy drops to mere pennies. Given the appropriate security safeguards, the Web makes it possible to easily express opt-in or opt-out preferences, obtain and inspect audit trails and to offer a host of other privacy related services that were too expensive to provide with earlier communications media. This has an important and positive impact on consumer privacy, and makes it considerably easier for businesses to build trust back in to the personal information value chain.
Redefining the Market for Privacy
The concept of personal information property rights has a great deal of relevance for many Internet business models, particularly those that attempt to draw revenue from banner advertising. The recent meltdown of Yahoo proves what many industry observers have long suspected: that banner advertising is just not a very good channel for establishing and maintaining customer relationships over the Web.
The Web allows for the rapid proliferation of low-transaction cost business models. "Offline" advertising can exist only because there are very high transaction costs associated with commerce in the physical world (meaning that it is often very expensive for buyers and sellers to find each other in the "real" world). Our conventional notions of advertising moreover presuppose that consumers do not own property rights to their own information. Per the Coase Theorem, a low transaction cost world like the Internet implies consumers must own property rights to their own information. Online banner advertising in the spirit of Yahoo does not incorporate this concept of property rights into its revenue model, and instead bluntly tries to transplant broadcast-style advertising techniques onto the Internet. Online banner advertising, therefore, always fails.
The value chain that is responsible for connecting buyers with sellers is just as important a business model online as it is offline. In the offline world, we call this model "advertising." Because the media we work with offline are largely non-interactive, the value chain rewards business models that can blast branding messages across at the highest volume.
Once you move online, though, the picture changes radically. The interactive nature of the Internet quickly reduces transaction costs. The value chain still requires personal information to operate, but the large drop in transaction costs forces a shift in personal information property rights to individual consumers. The value chain now rewards business models that can efficiently manage and protect personally identifying information. We call this model "privacy."
Privacy and personal information property rights are making their force felt in areas beyond just online advertising. Direct marketers have historically enjoyed enormous profit margins at the expense of exploiting personal information. For instance, most consumers do not know that filling out warranty cards enters their name into a direct marketing database. And despite all covert information collection that the direct marketing industry engages in, over 98% of all junk mail currently still goes unread. This implies that the direct marketing industry operates with a mind-numbing efficiency somewhere south of 2% [ 22].
There is a clear and substantial economic burden placed on consumers (and the postal system) when only 2% of the junk mail they receive is ever even opened. However, a case can be made here for businesses as well as consumers. We live in a world filled with high technology and supposedly streamlined supply chains. Yet the companies that do business with the direct marketing industry still seem satisfied with the "only-slightly-better-than-completely-and-totally-random" efficiency at which direct marketing operates. These businesses should start demanding more in return for their time and money. In their own way, they are getting shafting just as badly as consumers are in the absence of personal information property rights. When contracting with the direct marketing industry, these businesses are wasting over 98% of their time and resources.
By far the most common objection raised by the direct marketing industry against privacy (in any form) is that it requires controls that inevitably restrict the flow of personal information throughout the economy. Restricting the flow of information invariably reduces its value, they argue, and only through the completely free and open flow of information can the magical "invisible hand" work its wonder. Add controls to regulate the flow of personal information, and you take away the value that direct marketers add [ 23].
This argument is, of course, flawed. Restricting information flows almost always creates value. The trick is to get the constraints that govern the information flow just right. Overly restrictive controls do reduce economic value, but on the other hand completely open and free trade of information (as is true of personal information exchange in today's economy) is usually very inefficient as well. A happy medium that balances the rights of the information producers with the needs of the information consumers is required.
Hollywood understands this concept very well. It is the reason why recording companies lobby so hard against "free-flow" technologies like Napster and so much in favor of protecting and enforcing the powerful arsenal of copyright laws at their disposal. My purpose here is not to argue for or against Hollywood's position on copyright controls - my personal opinion is that the recording companies are far too restrictive in protecting their copyrights. I think that by effectively shutting down Napster, they have destroyed an enormously powerful distribution channel that might have one day evolved into a major profit center for the recording industry. The point, however, is that by protecting the rights of information producers, both intellectual property laws and personal information property laws encourage participation in the information economy. Without an adequate system to protection personal information when consumers venture online, electronic commerce will never reach its full potential.
Even from the perspective of the direct marketer, it is difficult to see how or why restricting information flows "reduces" values. If you take a mailing list with 100 people, and let the people who do not want to be on it opt-out, you will probably get at least 20 or 30 people to remove their names. Superficially it appears that the value of the list has been reduced since there are fewer names on the list. If you are dumb enough to charge for the list per name, then maybe your revenue does decrease. But the point is that the overall value of the list to the person buying it has increased dramatically, since those 20 or 30 people never wanted to buy anything in the first place. Statistically, the advertiser who purchases the list will enjoy a much higher hit rate with the shorter, "opt-out" list than with the list that had no privacy controls. If you are a list broker, maybe you have to change your pricing structure to use a different metric than the number of names on the list. But either way you look at it, you have created value.
Public Concerns Raised by Privacy Rights
Privacy is an extremely complex issue that raises societal concerns in many different ways. Government surveillance of phone conversations and e-mail messages represents an intrusion of privacy. The fact that a journalist might choose to report on certain salient facts about the President's (or anyone else's) personal life creates different privacy concerns. However, I have chosen not to address these concerns in this article because there is no clear economic force at work here, and such problems are not tractable in terms of transaction costs or the Coase Theorem in the way that the collection, aggregation and sale of commercial "profiles" is.
Clearly not all forms or uses of personal information should be subject to property rights, nor do property rights solve every privacy concern. When personal information is disclosed in a phone conversation or told to a journalist, it is not exchanged under a legally binding contract. Without a system of contracts, the concept of property has no meaning. Encryption may solve the surveillance problem, and journalism may raise concerns about privacy versus free speech, but consideration of personal information property rights should be restricted to cases in which consumers and enterprises are doing business with one another under contract. Only through contract law is there a vehicle by which property rights can be enforced.
The ways in which privacy rights may restrict free speech deserves special attention. Opponents to personal information property rights frequently raise concerns centered on free speech and First Amendment rights. The problem is that one person's right to control personal information infringes on the right of others to speak freely about that person [ 24].
To properly address free speech concerns, it is important to separate privacy as an economic driver from privacy as a way of enforcing social norms. Concealed cameras now being installed throughout the public sphere (for example at ATMs, busy traffic intersections and late-night convenience stores) are increasingly monitoring and recording human activity. However, in most such cases, the net effect of this surveillance is to reduce negative externalities (in the form of reduced crime), not increase them. Freedom of press and speech frequently serves a somewhat similar purpose. The media reports on every detail of the President's life because ultimately his role is to represent the society he serves; society must have a vehicle through which to impress its norms up him and reducing his level of privacy is one way to accomplish this.
When personal information is reported on and distributed in the media, it is not collected under contract and there is no obvious negative externality (in an economic sense) imposed on the person to whom the information refers. There are of course limits to this argument. For instance, if my medical history were to be published in the New York Times, it may restrict my ability to obtain employment or insurance in the future - an obvious negative externality. But since this information could only have been created under contract with my doctor or hospital, I should retain the property rights over its use and distribution. The medical history, therefore, should never have gotten in the hands of the newspaper in the first place.
For the scope of this article, the issue of most relevance is the ability for corporations to pass on the customer data they have collected to other companies for a profit. It is not entirely clear that such transfer of information represents "speech" in any conventional understanding of the word. And even if it is interpreted as genuine "speech", the U.S. Supreme Court has allowed for a number of important exceptions to the First Amendment. This is especially true in cases where the free speech is used to convey obvious falsehoods or carries an excessively negative economic impact. Falsely shouting "fire" in a crowded theater and day-traders who are arrested for anonymously circulating patently false press releases are examples of the first condition. SEC regulations that prohibit corporations from publicly speaking during the IPO quiet period and that prevent officers and insiders from communicating inside knowledge about stock movements are examples of the second.
If communication of customer lists among corporations is to be viewed as "free speech," then the vast majority of companies engaging in such trade clearly qualify for free speech restrictions under both conditions anyway. Often, such "speech" is false, or at least contains very significant inaccuracies. It is estimated that up to 50% of all consumer files maintained by credit bureaus and other data collectors have significant errors in them [ 25]. More obviously, such "speech" creates a very significant external social cost on society at large. Given the proper ability to control such "speech" using property rights, individual consumers would be in the position to resolve the problems created by this externality at the lowest possible cost.
For these reasons, I find most arguments that privacy rights infringe on free speech rights somewhat lacking. Nobody who supports property rights over personal information is suggesting that the New York Times create a database of every person they ever wrote about, keyed on their name, and create some secure method of authenticated access to this database so individual citizens can exercise property rights over the information the Times has collected about them. That is completely silly and goes against the spirit of freedom of press in terms of reporting on activities that occur in the public sphere.
More importantly, all the information ever published in the media about even the most famous celebrities would be insufficient to perpetrate "identity theft" against these individuals. Nobody (save perhaps the most beleaguered celebrities) would feel that having his or her picture published in a newspaper represents a privacy violation. On the other hand, when a busboy uses secret information obtained from the credit bureaus to perpetrate tens of millions of dollars of fraud, a clear case of identity theft has occurred. So somewhere along this sliding scale, the precedence of free speech over privacy must give way to property rights over personal information. If it did not, identity theft could not exist as a crime. The concept of "theft" is meaningless without the complementary notion of "property", and a criminal can only "steal" another person's identity if our society already regards "identity" as property that "belongs" to individuals.
Clarifications on Personal Information Property Rights
Some observers have already commented on the importance of the Coase Theorem in resolving data privacy concerns [ 26], [ 27]. While correct in their interpretation of privacy as a problem in social cost, the mistake that many such analysts make is to argue that (a) per the Coase Theorem, property rights should go to the party that most values personal information and (b) that this implies that consumers should have the "right" to "sell" their privacy.
In reality, both parties in a commercial exchange value personal information highly (for different reasons) and whoever the property owner really is, that party should never have to sell their right to the property once established. The economic problem caused by personal information exchange is the creation of negative externalities. The Coase Theorem states that property rights should go the party that can resolve this externality at the lowest possible cost (not the party that "values" privacy the highest). The Internet has reduced the cost of expressing permissions alongside customer information so dramatically that it is now easier and cheaper for consumers to manage the property rights over their personal information than it is for the companies collecting it. Consumers are the least cost avoiders in this system, therefore they should get the property right to personal information.
More importantly, the consumer retains rights to the property even after it has been transferred to the commercial organization (under contract). An obvious analogy with another powerful form of information property rights, namely intellectual property rights, is appropriate. When I buy a CD from a major Hollywood label, the Hollywood label still retain property rights to the music even though the CD is now in my possession. I have not so much purchased property rights to the music as I have purchased a license to listen to the CD in my own home for non-commercial purposes.
Taking the analogy with copyright a little further, imagine that if in response to the Hollywood's alarm about unauthorized distribution of songs over Napster, lawmakers in Washington proposed that music companies should be given the choice of whether to "opt-in" or "opt-out" of having their music pirated. This does not mean that Hollywood would actually have the right to enforce or monitor the usage or distribution of its intellectual property, it only means that music companies get to "opt-in" to piracy before releasing their works to the public, or "opt-out" once they have discovered piracy and decide that piracy does not suit their tastes. Lawmakers might even propose that Hollywood attach "piracy preferences" to digital music (in the spirit of P3P), so that content only reaches consumers who have configured their MP3 players with matching "piracy preferences" [ 28].
Any sane copyright holder would quickly reject such a system, mainly because it includes no means of enforcement and because the existing body of property law governing copyright and other intellectual works is much stronger. Similar arguments can be made in favor of personal information property rights. A system of property rights is much stronger way of protecting privacy, both in terms of enforcement and in terms of economic value creation.
Taking a more long-term view, property rights over personal information are also important because capitalism can thrive only under conditions of highly decentralized property ownership. In spite of the lip service commonly paid to wonders of the "free-market", most Western economies today more closely resemble highly elaborate systems of corporate welfare rather than genuine "capitalist" markets. This trend is dangerous, since it concentrates power and resources among an increasingly small and centralized set of interests. Historically, centralized systems of economy and governance have proven to be extremely brittle and unstable (not be mention inefficient).
The United States is the global free market leader, yet most Americans do not "own" their own homes, they own 30-year mortgages. People increasingly choose to lease their cars rather than own them. You do not own the cable box that brings TV into your living room, and you arguably do not even own your DVD collection since it is cryptographically encoded to work only in your small geographic corner of the world. If you choose to ignore this and decrypt your DVD manually anyway, you will be violating U.S. (and international) law and could be fined or jailed. People do not even own the genes from which they are made; this property belongs to a small but powerful group of well-financed biotechnology firms.
Most Western societies have become highly "consumption-oriented", in which more and more traditionally social activities have become drawn into an increasingly powerful commercial realm. Economies become destabilized when the lines of communication between individuals and the organizations in control of the resources upon which they depend begin to break down. Personal information is already an absolutely critical resource upon which the global information economy depends, and its economic importance will grow rapidly over the next decade as the world becomes increasingly networked. Returning control of this increasingly important resource to individual citizens in the form of property rights will go a long way towards stimulating competition in certain highly inefficient forms of direct marketing, and will also offset the current trend towards a system of centralized property ownership and corporate welfare.
To date, most discussions about online privacy have weighed the relative pros and cons of industry self-regulation versus government legislation. In fact, neither system is entirely efficient from an economic standpoint. Self-regulation can only lead to progressively larger market failures the deeper we move into the Information Age. At best, intense media scrutiny creates a financial pressure on the business community roughly analogous to Pigouvian taxes. This system is not, however, optimal since it ignores the fact that privacy is problem in social cost and that oftentimes individual consumers are best positioned to play the role of least cost avoider.
The global trend in privacy over the past several years has been towards increased government regulation. Many countries in the world have recently regulated most forms of personal information handling, and even the United States now regulates the handling of financial and health data. In many cases, especially in sensitive sectors such as financial services and health care, government regulation is clearly important and preferable to market-based alternatives. However, on the whole, government regulation is a very blunt instrument and can lead to its own set of unique economic inefficiencies and problems.
Property rights over personal information exchanged under contract in the course of business transactions can solve many current and future problems with data privacy since it recognizes the role of individual consumers are the least cost avoiders. A system of property rights requires the government to define the property right, thereby creating a market where there currently is none. However, property rights represent a market-based approach to solving many commercial-based data privacy concerns. Only minimal governmental regulation, oversight and enforcement is required to make a market-based system of personal information property rights a reality.
About the Author
Paul Sholtz is Co-Founder and Chief Technology Officer of PrivacyRight, a San Mateo, California-based company. PrivacyRight creates products that enable companies to earn the trust and loyalty of their online customers while helping consumers protect and manage their personal information, in accordance with the Code of Fair Information Practices. PrivacyRight is actively involved in establishing industry best practices for online privacy through its operations and strategic alliances in Silicon Valley and Washington, D.C. Prior to co-founding PrivacyRight, Paul worked as a software consultant for several Fortune 500 firms, including Ingram Micro, Charles Schwab, and Hitachi. He holds a B.S. in Physics and Applied Mathematics from the University of Michigan, Ann Arbor.
1. Oliver E. Williamson, 1985. The Economic Institutions of Capitalism. New York: Free Press, pp. 2-7.
2. John Hagel and Marc Singer, 1999. Net Worth. Boston: Harvard Business School Press, p. 49.
3. Ronald Coase, 1988. The Firm, the Market and the Law: The Nature of the Firm. Chicago: University of Chicago Press, pp. 33-56.
4. David Warsh, 1991. "When the Revolution was a Party: Who Privatization was Invented in the 1960s," Boston Globe (20 October), and at http://www.boston.com/globe/search/stories/nobel/1991/1991f.html
5. Williamson, Economic Institutions of Capitalism, p. 110.
6. Williamson, Economic Institutions of Capitalism, p. 157.
7. Coase, The Firm, the Market and the Law, pp. 95-156.
8. Warren Cohen, 1995. "Halting the Air Raid," Washington Monthly (June), and at http://wjcohen.home.mindspring.com/monthly.htm
9. "Statement of Reed Hundt, Chairman of the Federal Communications Commission on Spectrum Policy Management before the Subcommittee on Telecommunications, Trade and Consumer Protection, Committee on Commerce, U.S. House of Representatives, " 12 February 1997, at
10. "National Commission Needed to Review Privacy of Court Records," Privacy Watch, 26 January 2001, at
11. "Study of Financial Privacy and Bankruptcy," U.S. Office of Management and Budget, January 2001 (
12. Joanna Glasner, 2001. "Courts Face Privacy Conundrum," Wired News (26 February), at
13. Murray Weiss, 2001. "How NYPD Cracked the Ultimate CyberFraud," New York Post (20 March), at http://www.nypost.com/news/regionalnews/26868.htm
14. "Looking for Results: Nobel laureate Ronald Coase on Rights, Resources, Regulation," Interviewed by Tomas W. Hazlett, Reason Online at
15. "The Swedes Get It Right," at http://www.best.com/~ddfr/Academic/Coase_World.html
16. Peter Swire, 1996. "Markets, Self-Regulation and Government Enforcement in the Protection of Personal Information," draft submitted to the NTIA, 23 December, at
17. The concept of government regulation as a way to manage consumer privacy has been gaining popularity recently. In the United States, the data handling policies of the financial services and health care industries are already regulated by GLB and HIPAA, respectively, and the U.S. Congress is currently debating whether to legislate additional privacy protections for the general Internet. Topics under debate include how much notice and disclosure Web sites should be required to give online visitors, and whether government should legislate blanket opt-in or opt-out requirements when personal information is collected online.
18. "Privacy @ Net: An international comparative study of consumer privacy on the Internet," Consumers International, 26 January 2001, at
19. In a recent Forrester study, it was estimated that roughly $12 billion was lost in e-commerce due to privacy concerns in 2000. A recent analyst study "Proactive Online Privacy: Scripting an Informed Dialog to Allay Consumers' Fears," (Jupiter Communications, June 1999), predicted that as much as $18 billion would be lost in e-commerce by 2002 if privacy concerns were not addressed.
20. Lawrence Lessig, 1999. Code: and Other Laws of Cyberspace. New York: Basic Books, pp. 160-162.
21. Paul Sholtz, 2000. "The Economics of Personal Information," First Monday, volume 5, number 9 (September), at
22. Hagel and Singer, "Net Worth," p. 7.
23. Brendan B. Read, 2000. "Searching Farther For Customer Data," PlanetIT, 12 December 2000, at
24. Eugene Volokh, 2000. "Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People from Speaking about You," 52 Stanford Law Review 1049, and at http://www.law.ucla.edu/faculty/volokh/privacy.htm
25. Simson Garfinkel, 2000. Database Nation: The Death of Privacy in the 21st Century. Sebatopol, Calif.: O'Reilly & Associates, p. 28.
26. Esther Dyson, "Labeling Practices for Privacy Protection," National Telecommunications and Information Administration (NTIA), at
27. Andrew Sellgren, "Why Privacy Doesn't Require Privacy Rights," at ( http://sellgren.gmu.edu/privacy.htm
28. Jason Catlett, 1999. "Technical Standards and Privacy: P3P," Open Letter to P3P developers, (13 September), at (http://www.junkbusters.com/ht/en/standards.html#P3P
Paper received 26 March 2001; accepted 20 April 2001.
Copyright ©2001, First Monday
Transaction Costs and the Social Costs of Online Privacy, by Paul Sholtz
First Monday, volume 6, number 5, May 2001