39 Pages Posted: 6 Oct 2019 Last revised: 4 Feb 2021
Date Written: September 25, 2019
We study the incentives of a digital business to collect and protect users’ data. The users' data the business collects improves the service it provides to consumers, but it may also be accessed, at a cost, by strategic third parties in a way that harms users, imposing endogenous users' privacy costs. We characterize how the revenue model of the business shapes its optimal data strategy: collection and protection of users' data. We compare the optimal data strategy of the business with the social optimum and show that a two-pronged regulatory policy, which combines a minimal data protection requirement with a tax proportional to the amount of data collected, restores efficiency.
Keywords: Information security, online platforms, data-driven businesses, data policy design, advertisement-driven businesses, transaction-driven businesses, welfare
Suggested Citation: Suggested Citation