<div>
 Privacy Policies and Consumer Data Extraction: <span>Evidence From U.S. Firms</span>
</div>

Ramadorai, Tarun; Uettwiller, Antoine; Walther, Ansgar

doi:10.2139/ssrn.3352175

Download This Paper

Open PDF in Browser

Add Paper to My Library

Privacy Policies and Consumer Data Extraction: Evidence From U.S. Firms

51 Pages Posted: 23 Mar 2019 Last revised: 27 Mar 2025

See all articles by Tarun Ramadorai

Tarun Ramadorai

Imperial College London; Centre for Economic Policy Research (CEPR); European Corporate Governance Institute (ECGI)

Ansgar Walther

Imperial College London

There are 2 versions of this paper

Date Written: November 22, 2024

Abstract

Using a comprehensive dataset of privacy policies, firm characteristics, consumer tracking, and cybersecurity incidents, we examine the heterogeneity of firms’ data extraction practices and the influence of privacy regulations. Rather than adopting standardized boilerplate privacy policies, we find substantial within-industry differences correlated with firms’ technical sophistication; firms engaging in data extraction have lengthier policies, seeking to hedge legal risks. Firms with intermediate technical sophistication appear to follow a ”collect and share” model, collecting large amounts of consumer data and sharing it with third-parties for processing, thus creating cybersecurity risks. Conversely, high sophistication firms appear to implement a “receive and process” model, consistent with a two-tier data market in which data flows from intermediate to high sophistication firms.

Keywords: privacy, data markets, web tracking, third-party sharing, cybersecurity risk

JEL Classification: D8, K2, L1

Suggested Citation: Suggested Citation

Ramadorai, Tarun and Uettwiller, Antoine and Walther, Ansgar,

Privacy Policies and Consumer Data Extraction: Evidence From U.S. Firms

(November 22, 2024). Available at SSRN: https://ssrn.com/abstract=3352175 or http://dx.doi.org/10.2139/ssrn.3352175