By W. Jason Choi, Rutgers Business School, USA, jason.choi@rutgers.edu | Kinshuk Jerath, Columbia Business School, USA, jerath@columbia.edu
With heightened concerns regarding user privacy, there is a recent movement for empowering consumers with the ability to control how their private data are collected, stored, used and shared. Notably, between 2018 and 2020, the General Data Protection Regulation (GDPR) has been implemented in the European Union (EU), and the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have been implemented/passed in the state of California in the United States. These regulations address both consumer data security and consumer privacy rights. In this monograph, we provide an overview of some of the key issues that are in play in consumer privacy and in empowering consumers with rights to manage the privacy of their data, viewed primarily in the context of online advertising-related actions of firms. The recent academic work on these topics already provides some important takeaways. Empirical studies, broadly speaking, show that fewer consumers share data with firms post-regulation and this leads to worse personalized marketing, i.e., the firms are at a handicap. Theoretically, a primary insight is that privacy regulations on using data affect the advertising/targeting layer directly and the product/pricing layer directly and/or indirectly; broadly speaking, consumers make data sharing choices by balancing the intrinsic and instrumental values of sharing data, and privacy regulations can generally be expected to benefit consumers at the expense of firms. We also discuss how consumers’ understanding of firms’ privacy policies and their impact can be enhanced, which is important for regulations to have their intended impact. We briefly discuss the development of privacy-preserving mechanisms for targeted advertising, industry interest in and adoption of which has been recently enhanced due to new regulations. We conclude with a discussion and lay out some directions for future research.
Privacy and Consumer Empowerment in Online Advertising provides an overview of the different issues that are in play in consumer privacy and in empowering consumers with rights to manage the privacy of their data. The authors review the existing knowledge on this topic and discuss implications for consumers, for advertisers, and for ad serving platforms that enable advertisers to reach consumers.
The introductory section provides an outline and briefly reviews the key ideas. Section 2 discusses the key aspects of the GDPR, the CCPA and the CPRA. Since the implementation of the GDPR in May 2018, some early empirical evidence has emerged of its impact and this is examined in Section 3. The authors review the privacy and economic frameworks in Section 4. Section 5 discusses the theoretical work in this area enhances our understanding of the impact of privacy regulation on consumers and on online advertising. Section 6 examines how consumers are presented with privacy notices and their (in)ability to make privacy choices due to a variety of factors. Section 7 reviews how firms attach value to consumers' data. In light of the passing of privacy regulation, firms have been attempting to develop methods for privacy-preserving targeted advertising. In Section 8, we discuss some of these attempts such as FLoC and TURTLEDOVE, which aim to target consumers based on their interests and/or their website visit history, but without compromising their privacy. Finally, Section 9 concludes with a discussion.
An overall summary is that privacy concerns have been heightened in the past two decades and this has led to the passing of privacy regulations addressing data security and privacy rights. After these regulations, a significant minority of consumers have chosen to not provide consent for their data to be collected, used and shared. However, most consumers still do not properly understand the key implications of privacy policies of firms, and more efforts are needed in that regard. Also, technologies are being developed for privacy-preserving user targeting. Finally, regarding firms, data frictions caused by privacy regulations have, in turn, caused negative consequences for small advertisers, publishers and service providers. The authors provide some directions for future work that may be valuable to move thinking forward on this increasingly important topic.