With financial and other personal information about us in countless databases, and with companies such as Facebook and Google collecting data about their users to drive profits and satisfy expectations of shareholders, there is a pervasive concern that we have little control over access to potentially harmful uses of that information. Moreover, many consumers believe that little can be done to address the problem except to give out as little information as possible and try our best to monitor our credit reports and financial accounts in an effort to detect unexpected activity if it occurs.
By not enacting strong information privacy laws in the non-governmental sector, the U.S. Congress and the fifty states have effectively defaulted to a market-based model of privacy protection that relies heavily on individual self-policing and market incentives as the primary means of information control. A self-policing privacy protection model could be effective if a market for information privacy were possible — if well informed individuals could shop their privacy preferences effectively.
This book-length paper examines the reasons why this is highly unlikely and why privacy laws in the United States (or the lack thereof) will not protect legitimate consumer interests in the years to come. Part 1 shows why information privacy is a social or societal value and not just an individual concern. Part 2 examines in more detail why individualist, market approaches to privacy protection are destined to fail. Part 3 continues this theme and examines research in behavioral sciences about how consumers make decisions in market transactions. Part 4 concludes by critiquing the “new” privacy framework released by the Federal Trade Commission. While the framework contains hopeful rhetoric calling for greater emphasis on societal solutions to privacy concerns, most of the framework continues to rely heavily on individual notice and choice in transactions that involve exchanges of personal information.