There’s an obvious market failure here. If we postulate that at least some customers want to use web services that come with strong privacy commitments (and are willing to pay the appropriate premium for them), it’s hard to see how the market can provide what they want.In the follow-up, Felton describes a standard contract and a sort of privacy escrow protocol to protect individuals against the desperate actions of a cratering start-up.
The more I read and think about privacy, the theory that an individual's privacy has a value that can be exchanged on the market becomes less and less compelling. Frank Pasquale wrote at Concurring Opinions that in the market model, you trade your privacy for efficiency and convenience, using Gmail as an example:
[C]onsider the type of suspicions that might result if you were applying to a new job and said "By the way, in addition to requiring 2 weeks of vacation a year, I need to keep my email confidential." The bargaining model is utterly inapt there. . . . just as it would have been for women to "bargain" for nondiscrimination policies, or mineworkers to bargain, one by one, for safety equipment.He concludes that people who trade their privacy will outcompete those who do not, and that
"[a] collective commitment to privacy may be far more valuable than a private, transactional approach that all but guarantees a 'race to the bottom.' " The paper he cites on cost benefit analysis and relative position was interesting (to me at least) when read in terms of privacy. From the abstract:
When a regulation requires all workers to purchase additional safety, each worker gives up the same amount of other goods, so no worker experiences a decline in relative living standards. The upshot is that an individual will value an across-the-board increase in safety much more highly than an increase in safety that he alone purchases."Privacy" can be substituted for "safety." Can "security" also be considered in this context? Is it already?