Yves here. While the authors of this study came across a very large and rich data set they could mine on the question of data privacy concerns versus privacy behavior, I wonder if China is an outlier due to the extent of government surveillance. To put it another way, spending time to dial down the amount of snooping done by Alipay apps may seem not terribly productive in light of the extent of official monitoring. And in keeping, the ones who are most concerned about snooping may actually be very cognizant of Edward Snowden’s warning, that the way to avoid being spied on is to minimize interaction with the Internet, and they feel they have no way to do that. In other words, they’ve thrown in the towel.
By Long Chen, Director, Luohan Academy; Executive Provost, Hupan School of Entrepreneurship; Academic Chairman, Alibaba Research Council; Yadong Huang, Economist, Luohan Academy: Shumiao Ouyang, PhD candidate in Economics, Princeton University; and Wei Xiong, Trumbull Adams Professor of Finance and Professor of Economics, Princeton University. Originally published at VoxEU
Online consumers tend to say they care about privacy but at same time choose to share their personal data either for free or for little reward. This column examines this ‘data privacy paradox’ using data from a survey of Alipay users. It finds no relationship between users’ self-stated privacy concerns and the number of third-party mini-programs on the site they agree to share their data with, and argues that this may be explained by users with stronger privacy concerns tending to benefit more from using these mini-programs. Rather than having innate data privacy concerns, consumers appear to develop concerns as a by-product of the process of using digital applications.
Data sharing is crucial in the development of the digital economy. As illustrated by the recent report from the Luohan Academy (2021), data sharing fosters connectivity, decision making, and trust. At the same time, privacy concerns attract growing attention, which is important for maintaining the sustainable development of the digital economy, as discussed in several recent Vox columns (e.g. Acemoğlu et al. 2019, Bergemann et al. 2020, Nguyen and Paczos 2020). A less understood phenomenon is the ‘data privacy paradox’, which refers to a general disconnect between consumers’ self-stated privacy preferences and their actual privacy-seeking behaviour – consumers in a wide range of survey and experimental studies often say they care about privacy, but at same time choose to share their personal data either for free or for small rewards. The presence of this disconnect is often used as evidence to argue either that consumers’ privacy concerns are not credible or that privacy is no longer achievable in the age of the data economy. Does the privacy paradox exist in realistic settings when consumers are faced with choices to share personal data with digital service providers? If so, what causes consumers to ignore their privacy concerns in data sharing?
The privacy literature has suggested a number of psychological and behavioural factors to explain the data privacy paradox, including consumers’ ignorance about the consequences of data sharing (Pew 2019); present bias, which causes consumers to overweight immediate convenience from using digital applications and underweight future cost of sharing personal data (Acquisti 2004); and illusion of control, which causes consumers to feel more in control when making data-sharing choices (Brandimarte et al. 2013). While these behavioural biases are clearly relevant, it remains unclear how consumers’ data-sharing choices are related to their demands for digital services.
In our recent study (Chen et al. 2021), we address these issues by conducting a survey of Alipay users about their data privacy preferences and then matching their survey responses with rich administrative data about their data-sharing choices on the Alipay platform to analyse how their data-sharing choices are related to their stated privacy preferences. Alipay is a highly popular payment and lifestyle platform with more than 900 million active users in China. In addition to its widely used payment system, it also hosts over two million third-party mini-programs, which are lightweight apps that run inside Alipay to offer a variety of digital services to Alipay users. To use a mini-program, a user must first authorise sharing of certain personal data with the mini-program. The requested data sharing varies across mini-programs from innocuous information, such as nickname, to highly sensitive information, such as the national ID number and credit score.
In policy discussions, a widely held view is that the privacy paradox exists because users simply cannot afford not to use popular digital applications. Because the mini-programs on Alipay vary substantially in the importance of the provided services and the sensitivity of the requested information, this setting provides an ideal opportunity to study how different users, when given the options, balance their privacy preferences with their demand for digital services.
In July 2020, we worked with Alipay to conduct a survey of Alipay users, which included 12 questions about their preferences and concerns regarding data sharing with Alipay’s mini-programs. We received survey responses from 14,250 Alipay users. In response to a question that explicitly asked whether they are concerned about their data privacy when sharing personal data with mini-programs, 46% said they are very concerned, 39% are concerned, and only 15% are not concerned. As shown by Figure 1, during the one-year period from July 2019 to July 2020, the ‘unconcerned’ users on average initially visited 14.3 mini-programs and authorised data sharing with 11.2 of them, the ‘concerned’ users initially visited 15.5 mini-programs and authorised 11.5, and the ‘very concerned’ users initially visited 16.3 mini-programs and authorised 11.3. To the extent that the last group has rejected nearly 25% of data-sharing requests, these ‘very concerned’ users did not resign from active protection of their data privacy by blindly authorising all requests.
Figure 1 The data privacy paradox
Source: Chen et al. (2021).
Even though one would expect users with stronger privacy concerns to be more reluctant to share personal data, these three groups of users with different levels of privacy concerns, on average, authorise data sharing with almost the same number of mini-programs, even after controlling for user characteristics such as digital experience, age, gender, and city, as well as mini-program fixed effects. This lack of difference in data-sharing authorisations is puzzling and confirms the data privacy paradox in a setting that is highly relevant to the digital economy.
It is tempting to attribute the data privacy paradox to noisiness and unreliability of survey responses. While survey responses are indeed noisy at the individual level, we find that at the group level, the privacy concerns stated in survey responses are positively associated with respondents’ propensity to take two privacy-seeking actions in Alipay: (1) cancelling previously authorised data sharing with mini-programs; and (2) changing Alipay’s default privacy settings, which tend to make a user’s information visible to other Alipay users. These findings thus validate the survey-based measure of privacy concerns.
What causes the privacy paradox? Our analysis uncovers a curious, positive correlation between Alipay users’ data privacy concerns and digital demands – that is, users with stronger privacy concerns also tend to use their authorised mini-programs more frequently and more extensively. As the greater demands of privacy-concerned users for digital services offset their privacy concerns about sharing personal data with the mini-programs, this correlation helps to explain the data privacy paradox.
The positive correlation between privacy concerns and digital demands is a new finding to the literature and connects privacy preferences directly to demands for digital services, albeit in an unexpected way. If privacy concerns are an innate preference like risk aversion, they would deter users from extensively using digital services that usually require sharing of personal data, leading to a negative correlation between privacy concerns and digital demands. Instead, our finding suggests that privacy concerns are possibly a preference developed through the process of using digital services. That is, as some users gradually develop enjoyment from using the powerful and convenient services offered by mini-programs, they may also develop more concerns about the potential risks from their extensive data sharing with those programs. Under this notion of privacy as a developed preference, it is reasonable to conjecture that privacy concerns grow with the personal data accumulated with mini-programs.
To further explore this notion, we examine a hypothesis that more-active users of mini-programs are more likely to cancel their data-sharing authorisations with mini-programs. While this hypothesis is a direct implication of privacy concerns increasing with digital demands, it counters our usual intuition that more-active users incur greater costs from cancelling a mini-program. By using two different measures of user activeness and after controlling for various user characteristics and mini-program fixed effects, we find that more-active users of mini-programs in our sample are more likely to cancel their data-sharing authorisations with mini-programs. It is again difficult to explain this pattern without recognising that privacy concerns are positively correlated with user activeness.
Our study adds to the literature on the data privacy paradox, including Gross and Acquisti (2005), Goldfarb and Tucker (2012), and Athey et al. (2017). These studies have designed creative surveys and experiments to measure individuals’ privacy preferences (see Acquisti et al. (2020) for a recent review of this literature). By combining survey data with extensive administrative data, our study not only confirms the paradox in a highly relevant setting but also uses the paradox as an entry to analyse the nature of data privacy concerns. We uncover data privacy concerns as a preference developed through the use of digital applications, which, to our knowledge, is a new dimension not previously explored by the literature. This nature further implies that data privacy concerns may increase over time with the deepening of the data economy, making consumers more restrictive with their data sharing. This effect may in turn prevent the economy from realising the full promise of data sharing implied by nonrivalry and increasing returns to scale, two fundamental features of data sharing (e.g. Jones and Tonetti 2020, Farboodi and Veldkamp 2020, and Cong et al. 2020).
Our findings bring insightful implications for today’s discussion on data governance. Consumers may develop more privacy concerns in the process of adopting digital applications to meet their digital demands, the best way to protect privacy may not be to restrict data sharing, as it will hurt consumer welfare (Liu et al. 2020). Instead, promoting better privacy protections would be a more promising way to both harness digital dividends for consumers and promote sustainable development of the digital economy.
See original post for references
7 comments
Comments are closed.
And in the U.S.?
I know of at least one large organization which has a legitimate reason to see if consumers are in danger of defaulting on loans. The organization combines government data with semi-government data and, more to the point, buys or rents huge troves of “private” data- creditcard info, credit delinquency information and data bases of police and court records- looking for correlations. Let me emphasize that there have been no leaks of data and the organization has properly reported what it is doing to the government agency responsible for oversight.
But this is all being done without any public notice. There is no way for the public to object. And, more to the point, the people selling YOUR creditcard information claim, based on the fine-print in your creditcard application that they, not you, own the information.
You have no privacy as long as the invaders of your privacy are under no obligation to let you know your privacy is being invaded.
“You have no privacy as long as the invaders of your privacy are under no obligation to let you know your privacy is being invaded.”
Quote of the Day award winner.
Consumers may have privacy concerns but the truth of the matter is that there are plenty of information websites that you can join but that you have to hand over information in order to use that site. So in that survey of Alipay users, was this factoid taken into account? That in order to make use of some sites, that they have to hand over information first. On the face of it, you would be doing so voluntarily but in reality, you may not have a choice.
There is no privacy and a significant amount of the “Information” being stored is inaccurate.
I thought that video I made with Dana Perino and a three legged Armadillo would stay private, now it’s all over the internet.
And no, her teeth aren’t real.
I found that out running the NRA booth at the National Sex Symposium.
All I can say is “we don’t sell your data” means that they may not technically sell your data. Easy peasy. And it’s quite simple to get around California “privacy rights”. Good luck. I liked this:
https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-sell-your-data-heres-how-company-shares-monetizes-and
So they conducted a survey, and then went behind the survey responders’ backs and used all the data the platform had collected on them to do their study?!? Isn’t that precisely what the problem is? People want to use the interwebs but the average person has no idea what’s being collected and what it’s used for. So while they may be concerned, as individuals they are essentially powerless to do anything about it short of not using the internet altogether.
This is a good example of the perils of trying to infer causation from correlation. Causation might exist in either direction, or they might both have a causal relationship with some third factor, and not be directly related at all (e.g., the example of the number of priests in a community being strongly correlated with the number of liquor stores).
The authors frame this as a paradox. It’s only a paradox if your thesis is that users who are more worried about privacy tend to avoid certain online services as a consequence of that view. If, instead, your thesis is that users who don’t have many online services don’t feel all that much need to be concerned about privacy relative to users who have lots of them (which would also imply a correlation) then the result is perfectly consistent and not paradoxical at all.
The article does make this point later on, but devoting so much discussion time to the supposed ‘paradox’ beforehand strikes me as statistically naïve.