ABSTRACT

Privacy is a complex decision problem resulting in opinions, attitudes, and behaviors that differ substantially from one individual to another [1]. Subjective perceptions of threats and potential damages, psychological needs, and actual personal economic returns all play a role in affecting our decisions to protect or to share personal information. Thus, inconsistencies or even contradictions emerge in individual behavior: Sometimes we feel entitled to protection of information about ourselves that we do not control and end up trading away that same information for small rewards. Sometimes we worry about personal intrusions of little significance, but overlook those that may cause significant damages. In previous works [1-4], we have highlighted a number of difficulties that distance individuals' actual privacy decision making from that prescribed by classical rational choice theory. First, privacy choices are affected by incomplete information and, in particular, asymmetric information [5]: Data subjects often know less than data holders about the magnitude of data collection and use of (un)willingly or (un)knowingly shared or collected personal data; they also know little about associated consequences. Second, the complex life cycle of personal data in modern information societies can result in a multitude of consequences that individuals are hardly able to consider in their entirety (as human beings, because of our innate bounded rationality [6], we often replace rational decision-making methods with simplified mental models and heuristics). Third, even with access to complete information and cognitive power to process it exhaustively, various behavioral anomalies and biases could lead individuals to take actions that are systematically different from those predicted by rational choice theory [7].

In this chapter, we present an overview of those difficulties, and highlight how research on behavioral economics may improve our understanding of individuals’ everyday privacy behavior. In section 18.2, we consider the role of asymmetric and incomplete information in privacy scenarios and how information asymmetries determine risk, uncertainty, and ambiguity in decision making.
We argue that, due to the prevalence of these informational complications, individuals’ privacy-relevant behavior may be best understood in terms of bounded rationality [6] and behavioral biases. Specifically, in section 18.3, we discuss how insights from the behavioral economic literature may shed light on the often confusing observations drawn from privacy decision making. In section 18.4, we comment on a number of possible paths that privacy research can follow based on these insights.