Why you might want to pay for privacy even if you think you have “nothing to hide”

The following is the first in a series of guest posts from job market candidates working in Institutional and Organizational Economics. Watch for the rest of the series over the next couple weeks, and think about interviewing one of these fine students if you have an opening. (-PLW)

guest post by Sebastian Dengler

In privacy debates we often hear people claim that they have nothing to hide and that strengthening privacy rights is therefore unnecessary, or might even be harmful.

Let’s assume you indeed have nothing to hide from anyone and do not care whether your data is well-protected from governmental agencies, your employer, or even your family and friends. The theoretical model in my job market paper (joint with Jens Prüfer) shows that, even without an explicit taste for privacy, you might want to consider paying for it, or at the very least incurring some form of cost by installing privacy-protective software.

Every day you (consciously or unconsciously) produce a lot of information: where you go, what you do, whom you interact with, even seemingly minor bits and pieces such as whether you finish reading this blog post (and how fast you scroll) or stop right here. Until recently, recording all this information and evaluating it was a very difficult endeavor. So, unless you lived in a surveillance state that devoted enough resources to that end, you probably indeed had nothing major to worry about. 

The digital revolution and the resulting widespread adoption of digital communication devices, however, fundamentally changed this. It led to the “Rise of Big Data” (Mayer-Schönberger and Cukier 2013), characterized not only by the sheer volume of data, but also by its variety and the velocity with which it is retrieved and analyzed.

The more data you generate and the more of it is harvested by Big Data firms, the better these firms become at tailoring their offers to your needs and preferences. Such tailoring is not limited to what you might like to buy in general; it can also take the form of “mobile targeting” (Luo et al. 2014), where advertisements based on location data are delivered in real time, tailored to what you might like to buy right now. Already today, shopping apps such as Shopkick reward people for interacting with certain products (e.g., scanning a barcode or taking an item to the dressing room), effectively guiding them through a store and increasing the likelihood of purchases.

Big Data firms might also be able to tailor prices based on your purchase history, engaging in “behavior-based price discrimination” (for an overview see Fudenberg and Villas-Boas 2006). The basic idea is that a seller can identify two groups of consumers when repeat purchases of the same product are possible: if you previously bought the product, the seller knows that your willingness-to-pay must have exceeded the price at which it was offered (and that it fell below that price if you did not buy). Based on this, the seller can then charge the two groups different prices.
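To make this two-group logic concrete, here is a minimal numerical sketch. All of the specifics (valuations drawn uniformly on [0, 1], the particular prices) are illustrative assumptions of mine, not numbers from the paper or the references:

```python
import numpy as np

rng = np.random.default_rng(0)

# Illustrative assumption: 10,000 consumers with valuations uniform on [0, 1].
valuations = rng.uniform(0.0, 1.0, size=10_000)

# Period 1: one price for everyone; buying (or not) reveals
# on which side of p1 each consumer's willingness-to-pay lies.
p1 = 0.4
bought_before = valuations >= p1

# Period 2: the seller prices the two revealed groups separately.
# Past buyers revealed v >= 0.4   -> best single price on [0.4, 1] is 0.5.
# Past non-buyers revealed v < 0.4 -> best single price on [0, 0.4) is 0.2.
p_high, p_low = 0.5, 0.2

rev_bbpd = (p_high * (valuations[bought_before] >= p_high).sum()
            + p_low * (valuations[~bought_before] >= p_low).sum())
rev_uniform = 0.5 * (valuations >= 0.5).sum()  # one monopoly price, for comparison

print(f"uniform pricing revenue:        {rev_uniform:.0f}")
print(f"behavior-based pricing revenue: {rev_bbpd:.0f}")
```

With these illustrative numbers the seller gains roughly 15 percent in revenue over uniform pricing, because the lower price wins back some past non-buyers without sacrificing margin on past buyers.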

In our analysis, we take this logic further and model a situation after a long period of behavior-based price discrimination during which consumers did not protect their privacy. A seller might then reach the hitherto purely theoretical benchmark of perfect price discrimination (Pigou 1920): you (and everyone else, for that matter) could be charged an individualized price exactly matching your maximum willingness-to-pay for any given product, at any given time and location.

To protect information about your willingness-to-pay when buying from such a seller, you might want to make use of an anonymization technique (which we call the “anonymous” channel A). But this comes at a cost: you might be charged a fee for anonymization services, experience lower internet connection speeds, or spend time walking through different stores to search and shop entirely offline. If you decide not to hide information about your willingness-to-pay (which we call the “direct” channel D), you do not incur any such costs.

But when it comes to choosing means of privacy protection, consumers are often overwhelmed by the task of identifying possible threats and protections, as Acquisti and Grossklags (2007) point out. We account for such constraints by employing the depth-of-reasoning model of level-k thinking introduced by Stahl and Wilson (1994, 1995) and Nagel (1995). Level-k thinking is defined recursively, where k denotes the number of iterations of strategic reasoning a player is capable of, starting from a fully naïve player at k=0. A player with a level of strategic sophistication of k=1 assumes that all other players are fully naïve, i.e. have k=0, and responds optimally. A player with k=2 best responds to the assumption that all other players have a level of k=1, and so forth. In our model, we assume that all consumers have the same level of strategic sophistication k, but that they are outmatched by the seller’s strategic reasoning capabilities (at least k+1).
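To see the recursion at work outside our setting, consider the classic guessing game from Nagel (1995), a standard illustration of level-k thinking (this example is mine, not part of the pricing model): players pick a number between 0 and 100, and whoever is closest to two-thirds of the average guess wins. With the common simplification that a level-0 player anchors on the midpoint of 50:

```python
# Level-k reasoning in Nagel's (1995) guessing game: pick a number in
# [0, 100]; the winner is whoever is closest to 2/3 of the average guess.
TARGET_FRACTION = 2 / 3


def level_k_guess(k: int, level0_guess: float = 50.0) -> float:
    """Guess of a level-k player who assumes everyone else reasons at level k-1."""
    guess = level0_guess  # level-0 anchors on the naive midpoint guess of 50
    for _ in range(k):
        guess *= TARGET_FRACTION  # best response to a population guessing `guess`
    return guess


for k in range(5):
    print(f"level {k}: guess {level_k_guess(k):.1f}")
# level 0: 50.0, level 1: 33.3, level 2: 22.2, level 3: 14.8, level 4: 9.9
```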

The three main features of our model are:

  • Consumers face a monopolistic seller capable of perfect price discrimination.
  • Consumers can evade price discrimination by using a costly anonymization technique.
  • Consumers have limited strategic sophistication modelled by level-k thinking.

The timing of actions is as follows:

  1. Consumers choose between sales channels: direct and costless (D) or anonymous but costly (A).
  2. The seller sets individualized prices in channel D and one uniform price for channel A (as he cannot distinguish between anonymized consumers).
  3. Consumers buy or don’t buy the product at the offered price.

Naïve consumers (k=0) expect the monopolistic seller to engage in regular monopoly pricing. They therefore choose channel A if and only if their valuation for the good exceeds the monopoly price they expect to pay plus the cost of anonymization, so that they expect a positive surplus from anonymizing. All other consumers choose the direct channel D, where they expect zero surplus due to the seller’s perfect price discrimination but spare themselves the cost of anonymization.

As a result of his superior strategic sophistication, the seller infers which consumers are in which channel. In channel D, he simply extracts all surplus via perfect price discrimination. In channel A, he sets the price that exactly matches the cutoff valuation above which consumers have anonymized themselves, exploiting the sunk-cost nature of the anonymization cost. Consumers in channel A whose valuation exceeds this price by less than the anonymization cost therefore leave the market with a negative overall surplus; the rest leave with a positive one.

If all consumers had a level of k=1, they would anticipate the seller’s best response to k=0 consumers and choose to anonymize only if their willingness-to-pay exceeded that best-response price plus the cost of anonymization. This yields a new, higher cutoff valuation, which the seller would optimally set as the channel-A price if all consumers had a level of k=1. Consumers with k=2 would anticipate this in turn, and so on and so forth.
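Here is a small sketch of this iteration. The uniform distribution of valuations on [0, 1], the implied monopoly price of 0.5, and the anonymization cost of 0.125 are illustrative assumptions of mine; the recursion itself follows the logic just described, with each level’s cutoff equal to the previous level’s channel-A price plus the anonymization cost:

```python
# Cutoff valuations for channel A at each level of consumer sophistication k.
# Illustrative assumptions (mine, not the paper's): valuations uniform on
# [0, 1] with zero marginal cost, so the expected monopoly price is 0.5.
def channel_a_cutoffs(c: float, p_monopoly: float = 0.5, v_max: float = 1.0):
    """Return the cutoff above which level-k consumers anonymize, for k = 0, 1, ..."""
    expected_price_in_a = p_monopoly  # level-0 consumers expect plain monopoly pricing
    cutoffs = []
    while expected_price_in_a + c < v_max:
        cutoff = expected_price_in_a + c  # anonymize iff valuation > expected price + cost
        cutoffs.append(cutoff)
        expected_price_in_a = cutoff      # seller's best response: price at the cutoff
    return cutoffs


for k, cutoff in enumerate(channel_a_cutoffs(c=0.125)):
    print(f"k={k}: consumers with valuation above {cutoff:.3f} use channel A")
# k=0: 0.625, k=1: 0.750, k=2: 0.875 -- from k=3 on the cutoff would reach
# the highest valuation, so channel A stays empty.
```

Each level pushes the cutoff up by exactly the anonymization cost, so after finitely many levels it reaches the top of the valuation distribution.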

Already at a finite level of consumer sophistication, the cutoff exceeds the highest valuation and channel A remains unused. This reveals that the more standard assumption of unlimited consumer sophistication is not a necessary condition for this breakdown of channel A.

Our model therefore shows that the costly privacy-protecting channel A is used, even in the absence of an explicit taste for privacy, as long as consumers are not too strategically sophisticated. We thereby provide a micro-foundation for why you might want to pay for privacy even if you think you have “nothing to hide”.

Sebastian Dengler is a PhD student at Tilburg University.