Further Reading: The Economics of Privacy

The sources below provide deeper engagement with the themes introduced in Chapter 11. They are organized by topic and include economic analyses, policy reports, investigative journalism, and legal scholarship. Annotations describe what each source covers and why it is relevant to the chapter's core questions.

Privacy as an Economic Phenomenon

Acquisti, Alessandro, Curtis Taylor, and Liad Wagman. "The Economics of Privacy." Journal of Economic Literature 54, no. 2 (2016): 442-492. The most comprehensive academic survey of the economics of privacy, covering market models, externalities, information asymmetry, and the privacy paradox. Acquisti and colleagues synthesize decades of economic research to show that privacy is not merely a preference but a structural market condition with significant welfare effects. Essential reading for anyone seeking to understand the economic foundations of the chapter.

Acquisti, Alessandro, and Jens Grossklags. "What Can Behavioral Economics Teach Us About Privacy?" In Digital Privacy: Theory, Technologies, and Practices, edited by Alessandro Acquisti, Stefanos Gritzalis, Costas Lambrinoudakis, and Sabrina De Capitani di Vimercati, 363-377. Auerbach Publications, 2007. An early and influential application of behavioral economics to privacy decision-making. The authors demonstrate that bounded rationality, hyperbolic discounting, and status quo bias systematically lead people to underprotect their privacy. This paper is a foundational reference for the privacy paradox discussion in Section 11.2.

Posner, Richard A. "The Economics of Privacy." American Economic Review 71, no. 2 (1981): 405-409. A provocative early economic analysis arguing that privacy can be economically inefficient because it allows people to conceal information that would improve market functioning (e.g., hiding a pre-existing condition from an insurer). While subsequent scholars have challenged Posner's premises, the paper remains influential as a starting point for economic debates about the value and cost of privacy.

Varian, Hal R. "Economic Aspects of Personal Privacy." In Privacy and Self-Regulation in the Information Age, U.S. Department of Commerce, 1997. An accessible overview by one of the most prominent economists to engage with privacy issues (Varian later became chief economist at Google). The paper introduces the concepts of information externalities and price discrimination in the context of personal data. Valuable for understanding the economic logic that drives data collection, even though it was written before the advent of modern data brokerage.

The Privacy Paradox

Norberg, Patricia A., Daniel R. Horne, and David A. Horne. "The Privacy Paradox: Personal Information Disclosure Intentions Versus Behaviors." Journal of Consumer Affairs 41, no. 1 (2007): 100-126. One of the earliest empirical studies documenting the gap between privacy intentions and privacy behavior. The researchers found that study participants disclosed significantly more personal information than they said they would, even after being primed to think about privacy risks. The paper provides empirical grounding for Section 11.2's theoretical discussion.

Solove, Daniel J. "The Myth of the Privacy Paradox." George Washington Law Review 89 (2021): 1-51. A forceful legal argument that the privacy paradox is not a paradox at all but a predictable outcome of structural market conditions — information asymmetry, lack of meaningful choice, and the design of consent mechanisms. Solove argues that using the "paradox" to justify weak privacy regulation confuses constrained behavior with genuine preference. Highly relevant to the debate in Section 11.2.3 about whether the paradox reflects true preferences or market failure.

The Cost of Data Breaches

Ponemon Institute / IBM Security. "Cost of a Data Breach Report." Annual reports, 2017-2024. The most widely cited source of data breach cost statistics. Each annual report provides the global average cost per breach, the average cost per compromised record, cost breakdowns by industry and country, and analysis of cost-reducing and cost-increasing factors. The reports are published by IBM Security in partnership with the Ponemon Institute and are available freely online. Essential data for any economic analysis of data security investment.

Romanosky, Sasha. "Examining the Costs and Causes of Cyber Incidents." Journal of Cybersecurity 2, no. 2 (2016): 121-135. An empirical analysis of the costs of cyber incidents using data from the Privacy Rights Clearinghouse and other sources. Romanosky finds that the direct costs of breaches to companies are often lower than commonly assumed — which supports the chapter's argument that externalized costs (borne by individuals and the broader system) are the larger and more underappreciated category.

Zou, Yixin, and Florian Schaub. "Beyond 'Compliance vs. Ethics': An Empirical Study of Consumer Perceptions and Experiences After Data Breaches." In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 2019. A qualitative study examining how consumers actually experience data breaches — the anxiety, confusion, labor of remediation, and sense of helplessness. The paper provides the human dimension that economic analyses often miss and supports the chapter's argument about the distributional effects of breach costs.

Data Brokers and Data Markets

Federal Trade Commission. "Data Brokers: A Call for Transparency and Accountability." FTC Report, May 2014. The FTC's landmark report on the data broker industry, based on a study of nine major data brokers. The report documents the scale of data collection (one broker alone had 3,000 data segments for nearly every U.S. consumer), the opacity of the industry, and the potential for harm. It remains the most authoritative government analysis of the data broker ecosystem and the foundation for Section 11.4.

Christl, Wolfie. "Corporate Surveillance in Everyday Life." Cracked Labs, Vienna, 2017. A detailed mapping of how personal data flows through the commercial ecosystem — from collection through data brokers to end users. Christl's research traces specific data flows between named companies, providing concrete evidence of the interconnected data market that abstract economic analyses often describe only theoretically. Freely available online.

Sherman, Justin. "Data Brokers and Sensitive Data on U.S. Individuals." Duke Technology Policy Lab, 2021. A focused analysis of how data brokers collect and sell sensitive data categories — mental health information, religious beliefs, sexual orientation, immigration status — with particular attention to the risks for vulnerable populations. Sherman's work connects data broker practices to civil rights and equity concerns, extending the economic analysis into the realm of data justice.

Pasquale, Frank. The Black Box Society: The Secret Algorithms That Control Money and Information. Cambridge, MA: Harvard University Press, 2015. A sweeping critique of the opacity of data-driven institutions — including credit bureaus, data brokers, and search engines. Pasquale argues that the secrecy surrounding data practices is not an accident but a strategic choice that protects profitable information asymmetries. His analysis of the credit reporting industry is directly relevant to the Equifax case study and to understanding why data markets resist transparency.

Regulatory Approaches

Spiekermann, Sarah, and Alessandro Acquisti, Rainer Bohme, and Kai-Lung Hui. "The Challenges of Personal Data Markets and Privacy." Electronic Markets 25, no. 2 (2015): 161-167. An economic analysis of proposals for personal data markets — systems where individuals would sell their data at negotiated prices. The authors identify significant challenges: data is non-rivalrous (selling it does not deplete it), data value depends on aggregation (individual data points are worth very little), and data transactions have externalities (one person's data can reveal information about others). Essential for evaluating the "data as labor" proposals discussed in Section 11.4.3.

Goldberg, Samuel, Garrett Johnson, and Scott Shriver. "Regulating Privacy Online: The Early Impact of the GDPR on European Firms." University of Chicago, Becker Friedman Institute Working Paper, 2021. An empirical analysis of the GDPR's economic effects, finding that the regulation reduced venture capital investment in EU technology companies by 26-36% and reduced the number of new app launches. The paper provides evidence for the compliance cost concerns raised in Section 11.5, though the authors note that the long-term effects may differ from the initial adjustment.

McDonald, Aleecia, and Lorrie Faith Cranor. "The Cost of Reading Privacy Policies." I/S: A Journal of Law and Policy for the Information Society 4, no. 3 (2008): 543-568. The study estimating that reading every privacy policy an average American encounters would require 244 hours per year. A landmark calculation that quantifies the impracticality of the "notice and choice" model and provides the empirical foundation for the rational ignorance argument in Section 11.2.2.

These readings extend the economic analysis introduced in Chapter 11. The economic frameworks of externalities, information asymmetry, and distributional analysis will recur throughout the remainder of this textbook, particularly in the chapters on regulatory approaches (Part 4) and corporate data ethics programs (Part 5).