Digital Privacy

34 Pages Posted: 6 Oct 2019 Last revised: 9 Oct 2019

See all articles by Itay P Fainmesser

Itay P Fainmesser

Johns Hopkins University - Carey Business School

Andrea Galeotti

University of Essex

Ruslan Momot

HEC Paris

Date Written: September 25, 2019


This paper proposes a framework for studying data policy, information security, and privacy concerns in digital businesses. We offer a full characterization of the optimal design of data storage and data protection policies for a digital company and also of how those policies affect users’ activity, privacy, and welfare. Our framework features a taxonomy that distinguishes between advertisement-driven companies (e.g., Facebook and Google) and transaction-driven companies (e.g., Amazon and Uber). This distinction reveals that advertisement-driven businesses store either all or none of the user-generated data whereas transaction-driven businesses exhibit a smoother pattern that may include an intermediate data storage policy. Comparing the amount of user information that these two types of companies store, we find that — contrary to public opinion — advertisement-driven companies do not invariably retain more of their users’ data than do transaction-driven companies. Our study establishes that measuring the direct damage inflicted by adversaries on consumers significantly underestimates not only the welfare loss but also the loss of consumer surplus due to adversarial activity. Finally, we identify the conditions under which advertisement-driven businesses generate more consumer surplus than that generated by their transaction-driven counterparts.

Keywords: Information security, online platforms, data-driven businesses, data policy design, advertisement-driven businesses, transaction-driven businesses, welfare

Suggested Citation

Fainmesser, Itay Perah and Galeotti, Andrea and Momot, Ruslan, Digital Privacy (September 25, 2019). HEC Paris Research Paper No. MOSI-2019-1351. Available at SSRN: or

Itay Perah Fainmesser (Contact Author)

Johns Hopkins University - Carey Business School ( email )

100 International Drive
Baltimore, MD 21202
United States

HOME PAGE: http://

Andrea Galeotti

University of Essex ( email )

Wivenhoe Park
Colchester, CO4 3SQ
United Kingdom

Ruslan Momot

HEC Paris ( email )

1, rue de la Liberation
Jouy en Josas, 78351


Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics