Digital Privacy

43 Pages Posted: 6 Oct 2019 Last revised: 13 May 2021

Date Written: September 25, 2019


We study the incentives of a digital business to collect and protect users’ data. The users’ data the business collects improves the service it provides to consumers, but it may also be accessed, at a cost, by strategic third parties in a way that harms users, imposing endogenous users’ privacy costs. We characterize how the revenue model of the business shapes its optimal data strategy: collection and protection of users’ data. We show that, relative to the socially desired data strategy, the business may over- or under-collect users’ data and may over- or under-protect it. In fact, the only deviation from the socially optimal strategy that no business will pursue in equilibrium is one of under-collection combined with over-protection of users’ data. Restoring efficiency requires a two-pronged regulatory policy, covering both data collection and data protection. We derive one such policy which combines a minimal data protection requirement with a tax proportional to the amount of collected data.

Keywords: Information security, online platforms, data-driven businesses, data policy design, advertisement-driven businesses, transaction-driven businesses, welfare

Suggested Citation

Fainmesser, Itay Perah and Galeotti, Andrea and Momot, Ruslan, Digital Privacy (September 25, 2019). HEC Paris Research Paper No. MOSI-2019-1351, Available at SSRN: or

Itay Perah Fainmesser (Contact Author)

Johns Hopkins University - Carey Business School ( email )

100 International Drive
Baltimore, MD 21202
United States

HOME PAGE: http://

Andrea Galeotti

University of Essex ( email )

Wivenhoe Park
Colchester, CO4 3SQ
United Kingdom

Ruslan Momot

Northwestern University - Kellogg School of Management ( email )

2001 Sheridan Road
Evanston, IL 60208
United States


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics