The Myth of the Privacy Paradox
50 Pages. Posted: 24 Feb 2020. Last revised: 20 Jan 2021.
Date Written: February 11, 2020
In this Article, Professor Daniel Solove deconstructs and critiques the privacy paradox and the arguments made about it. The “privacy paradox” is the phenomenon where people say that they value privacy highly, yet in their behavior relinquish their personal data for very little in exchange or fail to use measures to protect their privacy.
Commentators typically make one of two types of arguments about the privacy paradox. On one side, the “behavior valuation argument” contends behavior is the best metric to evaluate how people actually value privacy. Behavior reveals that people ascribe a low value to privacy or readily trade it away for goods or services. The argument often goes on to contend that privacy regulation should be reduced.
On the other side, the “behavior distortion argument” suggests that people’s behavior is not an accurate metric of preferences because behavior is distorted by biases and heuristics, manipulation and skewing, and other factors.
Professor Solove argues instead that the privacy paradox is a myth created by faulty logic. The behavior involved in privacy paradox studies involves people making decisions about risk in very specific contexts. In contrast, people’s attitudes about their privacy concerns or how much they value privacy are much more general in nature. It is a leap in logic to generalize from people’s risk decisions involving specific personal data in specific contexts to reach broader conclusions about how people value privacy.
The behavior in the privacy paradox studies does not lead to a conclusion for less regulation. On the other hand, minimizing behavioral distortion will not cure people’s failure to protect their own privacy. Managing one’s privacy is a vast, complex, and never-ending project that does not scale. Privacy regulation often seeks to give people more privacy self-management, but doing so will not protect privacy effectively. Professor Solove argues instead that privacy law should focus on regulating the architecture that structures the way information is used, maintained, and transferred.
Keywords: privacy paradox, CCPA, California Consumer Privacy Act, privacy self-management
JEL Classification: D12, D18