Contracting Around Privacy: The (Behavioral) Law and Economics of Consent and Big Data
Journal of Intellectual Property, Information Technology and Electronic Commerce Law (JIPITEC) 8 (2017), 9-26.
18 Pages Posted: 27 Oct 2017 Last revised: 23 Sep 2019
Date Written: October 26, 2017
European privacy law rests on the implicit assumption that consent to the processing of personal data and the analysis of Big Data is a purely individual choice. Accordingly, privacy lawyers mainly focus on how to empower users to make free and informed choices, for instance through debiasing and nudging. However, a game theoretical analysis suggests that strategic considerations may be a driving force of consent under certain conditions. In environments relying on the use of Big Data, consent is likely to impose negative privacy externalities on other users and constrain their freedom of choice. By contrast, a behavioral economic analysis suggests that users are subject to bounded rationality and bounded willpower. While nudges, like default options, can enable users to make protective privacy choices in some cases, correcting cognitive deficits might facilitate market failures and accelerate the erosion of privacy in other cases. This counterintuitive conclusion shows that legal rules on consent and privacy contracts should be grounded on an assumption of ‘mixed rationalities’, i.e. on insights from both standard economics and behavioral economics. Hence, a sharper distinction between ‘paternalistic nudging’ and ‘non-paternalistic soft regulation’ to counter market failures is warranted.
Keywords: consent, EU privacy law, EU-GDPR, behavioral law and economics, big data, constitutional law, game theory, libertarian paternalism, monetizing personal data, nudging
Suggested Citation: Suggested Citation