42 Pages Posted: 6 Oct 2019 Last revised: 27 Jul 2020
Date Written: September 25, 2019
We study the incentives of a digital business to collect and protect users’ information. The information the business collects improves the service it provides to consumers, but it may also be accessed, at a cost, by strategic third parties in a way that harms users, imposing privacy costs. We characterize how the revenue model of the business shapes the equilibrium data policy. We compare the equilibrium data policy with the social optimum and show that a two-pronged policy, which combines a minimal data protection requirement with a tax proportional to the amount of data collected, restores efficiency.
Keywords: Information security, online platforms, data-driven businesses, data policy design, advertisement-driven businesses, transaction-driven businesses, welfare
Suggested Citation: Suggested Citation