While people always seem to want what they don’t have, they tend to inflate the value of the things they do have. Economists call this the “endowment effect” – once something becomes part of your endowment, you are naturally reluctant to part with it.
So you might demand that someone pay you $2,000 for that 1983 Mustang convertible in your garage, even though you’d never pay $2,000 for the car if you were the buyer.
The gap between the buy and sell price you’d set is one reason that house negotiations often go haywire. Homeowners nearly always overestimate what their property is worth – or more specifically, what someone else will pay for it. Often, people initially set a price for their home that they wouldn’t pay if they were the buyers.
When discussing cars or homes, the endowment effect is fairly easy to spot. But in the realm of abstract ideas like privacy, things get a bit more complicated.
Still, consideration of this buy-sell gap should be an important part of any serious discussion about privacy, says economist Alessandro Acquisti, a professor at Carnegie Mellon University and a member of the school’s Privacy Technology Center.
Few willing to pay for protection
Studies have repeatedly shown that the average person won’t pay anything to protect his or her privacy, and will do very little to protect it. Shoppers won’t pay extra to buy from more security conscious stores; AOL users won’t pay more for security tokens that protect their logins; and consumers readily surrender critical data such and home addresses in exchange for coupons and small discounts. That has led many observers to conclude that consumers don’t value privacy at all.
But to Acquisti, those observers are only looking at half the equation -- what people will pay to protect their personal information. What they would demand in exchange for explicit permission to distribute their personal information – something he calls “pay to allow” – is another matter entirely.
“If you ask people how much they would sell their personal information for -- sensitive information like how many sexual partners they’ve had -- they will say a very high price,” he said. “When we talk about the value of privacy to people, perhaps that’s the number we should talk about.”
Acquisti and fellow economist Jens Grossklags set out to quantify this buy-sell gap in a recent study. Privacy research is tricky because research subjects cannot be harmed, so the two could not simulate truly troubling privacy problems, such as exposure of Social Security numbers to Internet criminals.
Instead they created a relatively harmless survey that asked questions about innocuous data like height and weight. They gave survey takers $5 and offered one set an extra 25 cents or an extra $1 for permission to share the survey results with others – pay to allow. They told another group that if they were willing to take $1 or 25 cents less than the initial $5 gift, their information would be kept private – that’s pay to protect.
In this limited experiment, just about everyone went with the money.
My sensitive data? That'll cost you!
But in a companion survey, as soon as the questions became more sensitive, the pay-to-protect and the pay-to-allow crowds diverged. Survey takers wanted quite a bit of cash to share information on sexual partners, for example. Several said they’d want $1,000 or more to share that kind of information.
“And that’s what we’d expect,” Acquisti said.
The value equation for personal information becomes is complex, said Grossklags, because selling data differs from selling personal goods in one important way: If you sell your Mustang for $2,000 (and you didn’t overpay), you can always buy another one for about the same price. But once your personal information is sold, it’s gone. You can’t buy your privacy back. These kinds of one-way transactions are hard for consumers to value.
Perhaps that’s why in survey after survey only about 10 percent of consumers care enough about their privacy to actually change their behavior – to avoid store loyalty cards, EZPass systems, and the like, says another privacy researcher, Larry Ponemon of the Ponemon Institute. Nearly two-thirds of people say they care about privacy, but don’t do anything to protect it, he says.
There are two explanations for that, Ponemon says. Perhaps most people don’t really care about privacy after all. Or, perhaps they think they are entitled to privacy – it is part of their endowment – and therefore they shouldn’t have to do anything or pay anything to protect it. Avoiding EZPass is expensive; avoiding store loyalty cards can be very expensive.
“People may believe they are entitled to their privacy, and it shouldn’t cost them anything,” Ponemon says.
Why it matters
This is not merely an intellectual discussion for privacy wonks. As our legal system wrestles with determining just how victims whose privacy is invaded should be compensated, equations like these are being thrown around. Companies, accountants, and insurers may one day have to calculate whether there is a dollar figure that victims should receive where their personal information is lost. Or if there is an amount consumers should fairly pay to get themselves “off the grid,” to get off of marketing lists and out of private research databases.
In a recent Ponemon survey, consumers said they should be well compensated when their personal data is leaked. Nearly 70 percent said they should be paid more than $5,000, and 42 percent said more than $10,000, when a company loses their personal information. Of course, if you ask someone how much money they should get for anything, they tend to be – let’s say – optimistic. But these numbers provide another point of view when policy makers talk about the value of privacy, and they provide evidence that people place a high value on privacy even if they don’t always act that way.
What do you think? How do you value your privacy? Take our short survey and find out how others value their privacy.
MORE ON MSNBC.COM
Privacy Lost: A special report on a vanishing right
