Digital Privacy

36 Pages Posted: 6 Oct 2019 Last revised: 24 Jun 2022

See all articles by Itay P Fainmesser

Itay P Fainmesser

Johns Hopkins University - Carey Business School

Andrea Galeotti

University of Essex

Ruslan Momot

University of Michigan, Stephen M. Ross School of Business

Date Written: September 25, 2019


We study the incentives of a digital business to collect and protect users’ data. The users' data the business collects improve the service it provides to consumers, but they may also be accessed, at a cost, by strategic third parties in a way that harms users, imposing endogenous users' privacy costs. We characterize how the revenue model of the business shapes its optimal data strategy: collection and protection of users' data. A business with a more 'data-driven' revenue model will collect more users' data and provide more data protection than a similar business that is more 'usage-driven'. Consequently, if users have small direct benefit from data collection, then more usage-driven businesses generate larger consumer surplus than their more data-driven counterparts (the reverse holds if users have large direct benefit from data collection). Relative to the socially desired data strategy, the business may over- or under-collect users' data and may over- or under-protect it. Restoring efficiency requires a two-pronged regulatory policy, covering both data collection and data protection; one such policy combines a minimal data protection requirement with a tax proportional to the amount of collected data. We finally show that existing regulation in the US, which focuses only on data protection, may even harm consumer surplus and overall welfare.

Keywords: Information security, online platforms, data-driven businesses, data policy design, advertisement-driven businesses, transaction-driven businesses, welfare

Suggested Citation

Fainmesser, Itay Perah and Galeotti, Andrea and Momot, Ruslan, Digital Privacy (September 25, 2019). HEC Paris Research Paper No. MOSI-2019-1351, Available at SSRN: or

Itay Perah Fainmesser (Contact Author)

Johns Hopkins University - Carey Business School ( email )

100 International Drive
Baltimore, MD 21202
United States

HOME PAGE: http://

Andrea Galeotti

University of Essex ( email )

Wivenhoe Park
Colchester, CO4 3SQ
United Kingdom

Ruslan Momot

University of Michigan, Stephen M. Ross School of Business ( email )

701 Tappan Street
Ann Arbor, MI MI 48109
United States


Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics