Privacy is the governance problem at the center of data-driven marketing. Every personalized recommendation, every retargeted advertisement, every loyalty program rests on a flow of personal information from the consumer to the firm—and that flow is the same thing consumers say they want to restrict. The tension is not incidental; it is structural. Firms create value by knowing their customers, and the act of knowing is precisely what consumers experience as exposure. This chapter treats privacy as a marketing construct with formal content, an economic object that firms can price and differentiate on, a behavioral phenomenon that systematically violates the predictions of rational choice, and a regulated activity whose rules reshape competition and innovation.

The chapter proceeds from definition to mechanism to evidence. We begin by fixing what privacy and privacy concern mean and how they are measured, because the measurement model determines what can be claimed. We then assemble the theoretical scaffolding—social contract, justice, exchange, control, and reactance accounts—into a single decision-theoretic frame, the privacy calculus, and confront the empirical fact that consumers do not behave as the calculus predicts: the privacy paradox. From there we examine personalization (the firm’s reason to collect data), trust and control (the levers that move the calculus), the surprising backfire of transparency (the bulletproof-glass effect), the economics of anonymity, and the regulatory regime—chiefly the European Union’s General Data Protection Regulation (GDPR)—that now constrains the whole system. Throughout, the goal is to give a marketing PhD the identification detail and a senior practitioner the decision logic, with reproducible code where a model is involved.

24.1 What Privacy Is

The foundational definition in the information-privacy literature is Westin’s, who frames privacy not as secrecy but as control over access.

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. (Westin 1967)

Westin decomposes this claim into four states—anonymity, solitude, reserve, and intimacy—that together describe a person’s ability to modulate how exposed they are. The control-centric view matters because it locates privacy in the flow of information rather than in any fixed catalog of “sensitive” facts: a consumer can be entirely comfortable disclosing a fact in one relationship and feel violated disclosing the same fact in another. Consumer information privacy narrows this to the marketing context as control over the dissemination and use of consumer information—demographics, search history, profile data—where canonical violations are unwanted marketing communication, hyper-targeted advertising, and covert online tracking.

Privacy itself is a latent disposition; what researchers actually observe is privacy concern, a proxy that operationalizes consumers’ beliefs, attitudes, and perceptions about their information privacy, typically through survey scales (N. K. Malhotra, Kim, and Agarwal 2004). The distinction between the construct and its proxy is not pedantic. It is the reason the field’s central anomaly—the privacy paradox, the gap between stated concern and revealed disclosure—is even possible to state.

24.1.1 Measuring Privacy Concern

Two measurement traditions dominate. The Concern for Information Privacy (CFIP) tradition originates with Smith, Milberg, and Burke (1996) and is refined for the internet by N. K. Malhotra, Kim, and Agarwal (2004) into the Internet Users’ Information Privacy Concerns (IUIPC) instrument, which loads concern on four dimensions: information collection, unauthorized secondary use (internal and external repurposing of data), improper access, and errors (inadequate protection against inaccuracies). A parallel tradition (Sheehan and Hoy 2000) organizes concern around awareness of collection, information use, information sensitivity, familiarity with the collecting entity, and compensation. The two overlap substantially but differ in emphasis: N. K. Malhotra, Kim, and Agarwal (2004) centers the firm’s data-handling practices, whereas Sheehan and Hoy (2000) foregrounds the consumer’s relationship to the entity and the sensitivity of the specific datum.

Formally, both treat concern as a reflective higher-order construct: a latent privacy concern \(\eta\) generates correlated indicators \(x_k\) via

\[ x_k = \lambda_k \eta + \varepsilon_k, \qquad k = 1, \dots, K, \tag{24.1}\]

so the dimensions should be internally consistent and the instrument is validated by convergent and discriminant validity. This reflective specification is consequential: it licenses summing the dimensions into a single concern score and assumes the dimensions are interchangeable manifestations of one underlying trait. A formative reading—in which collection, secondary use, access, and error are distinct causes that compose concern and need not correlate—would forbid that aggregation. The field has largely adopted the reflective view by convention rather than by decisive test, a caveat worth carrying into any empirical application.1
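The aggregation caveat can be checked by simulation. The following is an added example, not code from the original chapter: it generates four concern dimensions once under the reflective model of Equation 24.1 and once under a formative model, then compares internal consistency and how much of the latent concern a summed score recovers. The loadings, weights, and column names are assumptions chosen for illustration.

```r
set.seed(241)
n    <- 5000
dims <- c("collection", "secondary_use", "improper_access", "errors")

# Cronbach's alpha: internal consistency of a summed scale.
cronbach_alpha <- function(X) {
  K <- ncol(X)
  (K / (K - 1)) * (1 - sum(apply(X, 2, var)) / var(rowSums(X)))
}

# Reflective world (Equation 24.1): one latent concern drives every indicator,
# x_k = lambda_k * eta + eps_k, with unit-variance indicators.
lambda <- c(0.80, 0.75, 0.70, 0.65)              # assumed loadings
eta_r  <- rnorm(n)
X_refl <- sapply(lambda, function(l) l * eta_r + sqrt(1 - l^2) * rnorm(n))
colnames(X_refl) <- dims

# Formative world: four independent causes compose concern with unequal
# weights, so the dimensions need not correlate with one another.
w      <- c(0.90, 0.30, 0.10, 0.05)              # assumed weights
X_form <- matrix(rnorm(n * 4), n, 4, dimnames = list(NULL, dims))
eta_f  <- as.vector(X_form %*% w) + rnorm(n, sd = 0.3)

# Diagnostics a validation study would report, plus the share of variance in
# the latent concern recovered by the summed score versus the separate
# dimensions entered individually.
diagnose <- function(X, eta) {
  R  <- cor(X)
  ev <- eigen(R, symmetric = TRUE, only.values = TRUE)$values
  c(mean_inter_item_r = mean(R[upper.tri(R)]),
    cronbach_alpha    = cronbach_alpha(X),
    first_eigen_share = ev[1] / sum(ev),
    r2_sum_score      = cor(rowSums(X), eta)^2,
    r2_separate_dims  = summary(lm(eta ~ X))$r.squared)
}

print(round(rbind(reflective = diagnose(X_refl, eta_r),
                  formative  = diagnose(X_form, eta_f)), 3))
```

Under the reflective data the indicators are mutually correlated and the summed score loses little relative to the separate dimensions; under the formative data the indicators are uncorrelated by construction, alpha sits near zero, and the equal-weight sum discards information that the separate dimensions retain.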

Concern is not static. It rises over time among both older and younger consumers, and faster among older consumers, so cohort and period effects must be modeled rather than assumed away (Goldfarb and Tucker 2011). And concern is consequential for behavior: it mediates the effect of website personalization on click-through, so the same personalization can help or hurt depending on the concern it provokes (Bleier and Eisenbeiss 2015).

24.2 Theoretical Foundations

Why should a consumer ever disclose? The literature answers with five overlapping theories, which are best read not as competitors but as components of a single account: disclosure is governed by a perceived contract, evaluated for fairness, priced as an exchange, modulated by control, and resisted when it threatens autonomy. Table 24.1 collects them.

Table 24.1: Theoretical lenses on information disclosure.

| Theory | Core mechanism | What governs disclosure | Representative evidence |
|---|---|---|---|
| Social contract | Norms of appropriate information flow | Firm upholds its end via added value or compensation | Chellappa and Sin (2005) |
| Justice | Procedural and distributive fairness | Fair-seeming policies and fair outcomes | Awad and Krishnan (2006); Vail, Earp, and Antón (2008) |
| Power–responsibility | Trust obligation of the powerful party | Perceived balance of power | Milberg, Smith, and Burke (2000) |
| Social exchange | Benefit minus cost | Personalization value exceeds privacy loss | Chellappa and Sin (2005) |
| Reactance | Threat to autonomy | Whether targeting is felt as intrusion | Tucker (2013); White et al. (2008) |

Social contract theory treats the firm–consumer data relationship as governed by a tacit moral contract: consumers believe marketers have kept their end when the firm returns value—through personalization or monetary compensation—commensurate with what was taken. The contract is normative, so the same data practice reads as respect or as violation depending on whether it conforms to the consumer’s expectations of appropriate flow.

Justice theory sharpens this into two fairness dimensions. Procedural justice concerns the policies and processes by which information is collected and used; fair access and fair utilization are its content, and even merely fair-appearing policies can reduce concern. Crucially, procedural fairness depends on the consumer’s comprehension: complex privacy policies that impede understanding are perceived as less fair and erode trust (Vail, Earp, and Antón 2008). Distributive justice concerns the outcome—the benefits the consumer receives for disclosing, from customized goods and faster service to outright compensation. The two dimensions generate a localized version of the paradox: consumers value the distributive outcomes marketers deliver while simultaneously feeling vulnerable about the disclosure that produced them (Awad and Krishnan 2006).

Power–responsibility (control) theory holds that the more powerful partner in a relationship—here, the data-holding firm—bears a social obligation to foster equality and trust. When consumers perceive a power imbalance as a threat to their information privacy, they respond defensively, withholding information or supplying false data. When firms lack credible privacy protections, consumers do not simply exit; they demand government intervention to restore the balance (Milberg, Smith, and Burke 2000).

Social exchange theory reduces disclosure to a cost–benefit comparison: a consumer discloses when perceived benefits—individualized offerings, free services, convenience—exceed perceived costs. The greater the personalization value a consumer senses from an exchange, the more they believe the marketer has honored the governing social contract, tying exchange and contract logics together (Chellappa and Sin 2005).

Reactance theory supplies the failure mode. Targeted, individualized communication can be experienced as a violation of autonomy; privacy concern heightens reactance (Tucker 2013), and the downstream behaviors are corrosive: communication avoidance, deliberate information falsification, negative word of mouth, and other defensive actions (White et al. 2008). Reactance is why personalization is not monotonically good—past a threshold, knowing too much about a consumer reads as intrusion rather than service.

These accounts converge on a decision-theoretic primitive. Consumer privacy behavior reflects a multidimensional, boundedly rational calculation in which the consumer weighs the expected benefits of disclosure against its expected costs. That calculation is the privacy calculus, to which we now give formal content.

24.3 The Privacy Calculus

The privacy calculus models disclosure as a utility-maximizing trade-off. Let a consumer face a decision to disclose information \(d \in \{0, 1\}\) to a firm. Let \(B(d)\) denote the perceived benefit of disclosure—personalization value, convenience, compensation—and \(C(d)\) the perceived cost—exposure, expected harm, loss of control. Disclosure utility is

\[ U(d) = B(d) - C(d), \tag{24.2}\]

and the rational consumer discloses iff \(U(1) > U(0)\), i.e., iff the marginal benefit exceeds the marginal cost. Two structural features make the calculus tractable and testable. First, personalization value and privacy concern are approximately orthogonal inputs: a firm can raise \(B\) (better personalization) and lower the weight on \(C\) (alleviate concern) through largely independent levers (Chellappa and Sin 2005). Second, trust enters as a moderator that scales the perceived cost: where a firm is trusted, the same objective data practice carries a lower subjective \(C\), raising the probability of disclosure.

A convenient empirical implementation writes disclosure as a binary choice driven by benefit and cost indices,

\[ \Pr(d_i = 1) = \Lambda\!\left( \alpha + \beta\, B_i - \gamma\, C_i + \delta\, (T_i \times C_i) \right), \tag{24.3}\]

where \(\Lambda(\cdot)\) is the logistic link, \(T_i\) is trust, and the interaction \(T_i \times C_i\) captures trust attenuating the cost of disclosure (\(\delta > 0\)). The estimand of interest is usually \(\gamma\), the sensitivity of disclosure to perceived cost, and \(\delta\), the degree to which trust neutralizes it. Identification is the central difficulty. Trust, benefit perception, and cost perception are all endogenous to unobserved consumer type: a consumer who is intrinsically comfortable with disclosure will report both higher trust and lower cost, biasing \(\hat\gamma\) and \(\hat\delta\) if type is uncontrolled. Credible estimates therefore exploit exogenous shifts—a policy change that alters control without altering type (Section 24.5), or randomized framing of the disclosure prompt—rather than cross-sectional correlation. Absent such variation, the coefficients are descriptive, not causal.

The following simulation makes the calculus concrete and shows how trust shifts the disclosure curve. It is illustrative—the data are generated, not observed—but the estimand and the logic are exactly those of Equation 24.3.

```r
set.seed(2025)
n <- 4000

# Latent inputs: personalization benefit, privacy cost, and trust.
benefit <- rnorm(n, 0, 1)
cost    <- rnorm(n, 0, 1)
trust   <- rnorm(n, 0, 1)

# Data-generating process for disclosure (Equation 24.3).
alpha <-  0.0; beta <- 1.2; gamma <- 1.4; delta <- 0.9
eta <- alpha + beta * benefit - gamma * cost + delta * (trust * cost)
p   <- 1 / (1 + exp(-eta))
disclose <- rbinom(n, 1, p)

dat <- data.frame(disclose, benefit, cost, trust)
fit <- glm(disclose ~ benefit + cost + trust:cost,
           family = binomial, data = dat)
round(coef(summary(fit)), 3)
#>             Estimate Std. Error z value Pr(>|z|)
#> (Intercept)    0.012      0.040   0.286    0.775
#> benefit        1.278      0.052  24.750    0.000
#> cost          -1.420      0.056 -25.180    0.000
#> cost:trust     0.916      0.056  16.472    0.000

# Disclosure probability vs. perceived cost, at low vs. high trust,
# holding benefit at its mean.
grid <- expand.grid(cost = seq(-2, 2, 0.1),
                    trust = c(-1, 1), benefit = 0)
grid$p <- predict(fit, newdata = grid, type = "response")

plot(grid$cost[grid$trust == -1], grid$p[grid$trust == -1], type = "l",
     lwd = 2, ylim = 0:1, xlab = "Perceived privacy cost",
     ylab = "P(disclose)", main = "Trust attenuates the cost of disclosure")
lines(grid$cost[grid$trust == 1], grid$p[grid$trust == 1], lwd = 2, lty = 2)
legend("topright", c("Low trust", "High trust"), lwd = 2, lty = c(1, 2),
       bty = "n")
```

The recovered coefficients reproduce the planted parameters, and the two curves show the substantive point: under high trust, the disclosure probability falls far more slowly as perceived cost rises—trust flattens the privacy cost gradient.
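The identification warning attached to Equation 24.3 can be made concrete in the same setup. The following is an added simulation, not part of the original chapter: it introduces an unobserved consumer type that lowers reported cost, raises reported trust, and raises disclosure directly, then compares the cross-sectional fit with a fit that observes type and with a randomized cost-raising prompt. The loading `rho`, the direct effect `kappa`, and the size of the framing `shift` are assumptions.

```r
set.seed(2025)

# Planted parameters, as in the chapter's simulation of Equation 24.3.
alpha <- 0.0; beta <- 1.2; gamma <- 1.4; delta <- 0.9
rho   <- 0.6   # assumed loading of reported cost and trust on unobserved type
kappa <- 1.0   # assumed direct effect of type on disclosure
shift <- 1.0   # assumed rise in perceived cost caused by the framed prompt

# Structural index: Equation 24.3 plus the unobserved type.
index <- function(benefit, cost, trust, type) {
  alpha + beta * benefit - gamma * cost + delta * (trust * cost) + kappa * type
}

n       <- 20000
type    <- rnorm(n)                                   # comfort with disclosure
benefit <- rnorm(n)
cost    <- -rho * type + sqrt(1 - rho^2) * rnorm(n)   # comfortable types report lower cost
trust   <-  rho * type + sqrt(1 - rho^2) * rnorm(n)   # and higher trust

# (1) Cross-sectional data: type is in the outcome but not in the naive model.
obs <- data.frame(benefit, cost, trust, type)
obs$disclose <- rbinom(n, 1, plogis(index(benefit, cost, trust, type)))

naive  <- glm(disclose ~ benefit + cost + cost:trust,
              family = binomial, data = obs)
oracle <- glm(disclose ~ benefit + cost + cost:trust + type,
              family = binomial, data = obs)

keep <- c("benefit", "cost", "cost:trust")
print(round(cbind(planted = setNames(c(beta, -gamma, delta), keep),
                  naive   = coef(naive)[keep],
                  oracle  = coef(oracle)[keep]), 3))

# (2) Randomized framing: a random half of consumers see a prompt that raises
# perceived cost by `shift`, independently of type.
z          <- rbinom(n, 1, 0.5)
cost_shown <- cost + shift * z
d_exp      <- rbinom(n, 1, plogis(index(benefit, cost_shown, trust, type)))

# True average effect of the prompt, computed from both potential outcomes.
true_effect <- mean(plogis(index(benefit, cost + shift, trust, type)) -
                    plogis(index(benefit, cost, trust, type)))

# Experimental estimate: a simple difference in disclosure rates.
exp_effect <- mean(d_exp[z == 1]) - mean(d_exp[z == 0])

# What the naive cross-sectional model predicts for the same intervention.
shifted      <- transform(obs, cost = cost + shift)
naive_effect <- mean(predict(naive, newdata = shifted, type = "response") -
                     predict(naive, newdata = obs, type = "response"))

print(round(c(true = true_effect, experiment = exp_effect,
              naive_prediction = naive_effect), 3))
```

Because comfortable types both report lower cost and disclose more, omitting type pushes the naive cost slope away from the planted value, while the randomized comparison tracks the true average effect without needing to observe type at all.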

24.4 The Privacy Paradox

The calculus predicts that consumers who report high privacy concern should disclose less. They do not. The privacy paradox is the systematic disconnect between consumers’ stated privacy preferences and their actual disclosure behavior: people who declare strong concern nonetheless share sensitive personal information freely (Norberg, Horne, and Horne 2007; Kelly D. Martin and Murphy 2016). The paradox is robust and large. In the market for online behavioral advertising, only about 0.23% of U.S. ad impressions come from users who have opted out of behavioral targeting, despite survey evidence of widespread concern; opt-out users’ ad impressions earn roughly 52% less revenue than targeted impressions, implying a loss on the order of $8.58 per opted-out consumer to publishers and exchanges, and opt-out behavior concentrates among more tech-savvy, older, and wealthier populations (Johnson, Shriver, and Du 2020).

Two readings of the paradox carry different managerial implications, and the distinction is identification-relevant. The first treats the paradox as rational: concern is real, but the privacy calculus resolves in favor of disclosure because the benefits genuinely dominate. On this reading, low opt-out rates reveal that consumers price their data cheaply relative to the personalization they receive—privacy is a commodity over which consumers make a deliberate risk–benefit trade-off (Sultan, Rohm, and Gao 2009). The second treats the paradox as behavioral: stated and revealed preferences diverge because disclosure decisions are constructed in the moment and are highly malleable, so the survey measures a disposition that the choice context overrides. The behavioral reading has the stronger evidence. Consumers trade away privacy in response to the architecture and framing of the choice (Adjerid, Acquisti, and Loewenstein 2019; Brandimarte, Acquisti, and Loewenstein 2013), to small inconveniences or incentives that should be economically negligible (Athey, Catalini, and Tucker 2017), and to perceived control over their information even when that control does not reduce actual exposure (Mourey and Waldman 2020; Tucker 2013).

The behavioral reading is sharpened by Lin and Strulov-Shlain (2025), who show that opt-out defaults and lower price anchors reduce consumers’ stated valuations of their own Facebook data by 22% and 37% respectively—magnitudes incompatible with a stable underlying valuation. The same study surfaces a consequence that should worry any firm using disclosure data to learn about its market: framing effects fall disproportionately on consumer segments with lower privacy valuations, so optimizing choice architecture to maximize data volume systematically biases who is represented in the data. The volume–representativeness trade-off is a direct cost of exploiting the paradox.

A caution follows for measurement. If disclosure is constructed and framing-sensitive, then survey-based privacy concern is a weak predictor of behavior, and any model that uses stated concern as a proxy for revealed cost (the \(C_i\) in Equation 24.3) inherits that weakness. This is why the strongest empirical privacy work is built on revealed behavior under exogenous variation rather than on self-report.

24.5 Personalization, Trust, and Control

Personalization is the firm’s reason to collect data, and its effect on consumer response is genuinely mixed. Personalization is the ability to tailor products, messages, and experiences to an individual based on personal and preference information; it depends jointly on the firm’s ability to acquire and process consumer data and on the consumer’s willingness to supply it (Chellappa and Sin 2005). Its benefits are real—fit, proactive delivery, and elevated switching costs that breed loyalty, because a consumer who has invested in personalizing one provider must re-disclose to switch (Alba et al. 1997). But personalization is double-edged, and the edge that cuts the firm is privacy concern. The pivotal moderator is how the information was obtained: whether the consumer provided it voluntarily or it was gathered covertly.

24.5.1 The Personalization–Performance Curve

The effect of personalization intensity on advertising response is theorized as non-monotonic, with two opposing forces. The positive force is elaboration: a self-relevant message invites central-route processing, raising attention, elaboration, and attitude strength, so more personalization yields more favorable response (Cho and as- 2004; Petty and Cacioppo 1986). The negative force is persuasion knowledge: when a consumer recognizes that a brand is trying to persuade them—and conspicuous use of personal data is exactly such a cue—they activate persuasion knowledge that discounts the appeal, and the discounting is amplified by privacy concern through reactance (Friestad and Wright 1994; White et al. 2008). The net effect can be U- or inverted-U-shaped depending on which force dominates, and the empirical record is correspondingly split: many studies find personalization lifts brand and campaign response and coupon redemption (Bauer and Lasinger 2014; N. Y. Kim and Sundar 2012; Tam and Ho 2005; Maslowska, Putte, and Smit 2011; D. J. Xu, Liao, and Li 2008; Chu 2011), while others find that explicitly signaling data use backfires.

The cleanest demonstration of the negative branch is Wattal et al. (2012): consumers respond favorably to product-based personalization, where data use is not made salient, but respond unfavorably when a firm is explicit about using personally identifiable information—a personalized greeting, for instance—with familiarity with the firm attenuating the backlash. The mechanism is reactance triggered by salient surveillance, not personalization per se.

Whether a tradeoff between personalization and privacy actually binds is itself contested. Several studies find no tradeoff once control is present. Walrave et al. (2016) hypothesize an optimal-moderate level of personalization in social network advertising but find the highest-personalization condition produces the most positive response, with privacy concern failing to dampen it—plausibly because the personalization never crosses the threshold that activates persuasion knowledge. The deeper resolution comes from control.

24.5.2 Control as the Decisive Lever

The single most important moderator of the personalization–privacy relationship is perceived control. Tucker (2013) provides the cleanest causal estimate: exploiting Facebook’s introduction of enhanced privacy controls as a natural experiment in a difference-in-differences design, she finds that personalized advertising was ineffective before users gained control over their personal information but became roughly twice as effective afterward. The interpretation is sharp—personalization and privacy do not trade off when consumers believe they control their data; control converts intrusion into service.
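The logic of that design, as an added example on constructed data (not Tucker's data or code): impressions for personalized and generic ads are simulated over ten weeks with a click-rate drift common to both ad types, and a personalization lift that appears only after controls are introduced. The click probabilities, the policy week, and the variable names are assumptions.

```r
set.seed(2013)

weeks       <- 1:10
policy_week <- 6        # assumed: controls introduced at the start of week 6
n_per_cell  <- 20000    # impressions per ad type per week
planted     <- 0.010    # assumed post-policy lift from personalization

# Assumed click probabilities: a weekly drift shared by both ad types, and a
# personalization lift that exists only once users have control.
click_prob <- function(week, personalized) {
  post <- as.integer(week >= policy_week)
  0.010 + 0.001 * week + personalized * planted * post
}

sim_cell <- function(week, personalized) {
  data.frame(week = week, personalized = personalized,
             post  = as.integer(week >= policy_week),
             click = rbinom(n_per_cell, 1, click_prob(week, personalized)))
}
cells <- expand.grid(week = weeks, personalized = 0:1)
dat   <- do.call(rbind, Map(sim_cell, cells$week, cells$personalized))

# Before/after comparison within personalized ads only: this absorbs the
# common drift and so misstates the effect of the policy.
pers <- subset(dat, personalized == 1)
before_after <- mean(pers$click[pers$post == 1]) -
                mean(pers$click[pers$post == 0])

# Difference-in-differences via a linear probability model: the interaction
# is the change for personalized ads net of the change for generic ads.
# Classical standard errors are shown; campaign-level data would call for
# clustering.
did <- lm(click ~ personalized * post, data = dat)

# Parallel-trends check on pre-policy weeks: the personalized:week slope
# should be indistinguishable from zero if the two ad types shared a trend.
pre_fit <- lm(click ~ personalized * week, data = subset(dat, post == 0))

print(round(c(planted_lift = planted,
              before_after = before_after,
              did          = unname(coef(did)["personalized:post"])), 4))
print(round(coef(summary(did)), 4))
print(round(coef(summary(pre_fit))["personalized:week", , drop = FALSE], 4))
```

The `personalized` main effect is the pre-policy gap between ad types, and `personalized:post` is the difference-in-differences estimate; the before/after figure differs from it by the drift that the generic ads reveal.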

The mechanism generalizes. Perceived control is the mediator through which three distinct interventions—consumer self-protection, industry self-regulation, and government mandates—reduce privacy concern (H. Xu et al. 2012). But control has a dark side that the calculus does not anticipate. Greater perceived control can induce consumers to disclose more, leaving them objectively more exposed: the feeling of control reduces the felt cost of disclosure even when the actual risk is unchanged or worse (Brandimarte and Acquisti 2012). This is the control paradox, and it is the behavioral-economics counterpart to the privacy paradox—control changes the subjective \(C\) in Equation 24.2 without changing the objective one.

24.5.3 Trust as the Proactive Complement

Where control and concern-reduction are largely reactive—they respond to a privacy threat—trust is a proactive mechanism that firms build before any threat materializes (Wirtz and Lwin 2009). Trust is decisive precisely in the settings where privacy is most at stake: when retailers deploy personalized or targeted material, trust is what assuages the accompanying privacy worry (Aguirre et al. 2016), and trust in the vendor positively moderates the use of personalized services, so trust building is a direct lever on data acquisition (Chellappa and Sin 2005).

Firms have concrete instruments to signal trustworthiness. Privacy seals and similar signals raise consumers’ willingness to disclose and improve perceptions of the organization (Miyazaki and Krishnamurthy 2002). Privacy policies are read—about 84% of a sample of 2,500 consumers reported reading them—and reading them shifts trust in the firm (Milne and Culnan 2004), with policies serving as a usable proxy for a firm’s transparency and control that is, in turn, related to firm performance and consumer behavior (Kelly D. Martin, Borah, and Palmatier 2017). Consumers will even pay for privacy: they purchase more from websites with more protective privacy practices, revealing a positive willingness to pay for protection (Tsai et al. 2011). Yet the relationship between disclosure-of-policy and behavior is not simple. Broadcasting a privacy policy can reduce disclosure, and consumers disclose more sensitive information when they believe others already have—social proof lowering the perceived risk (Acquisti, John, and Loewenstein 2012). Privacy-policy statements raise the benevolence and integrity components of trust without necessarily lifting purchase intent. These frictions set up the central behavioral surprise of the chapter.

24.6 The Bulletproof-Glass Effect

A reasonable manager expects that telling consumers their data are protected will make them feel safer and buy more. The expectation is wrong, and the reason is instructive. Brough et al. (2022) identify the bulletproof-glass effect: just as a sheet of bulletproof glass in an unexpected setting makes people feel less safe by implying that danger is present, a privacy notice can make consumers feel more vulnerable—decreasing trust and purchase interest—even when the notice objectively emphasizes protection. The label inverts the standard view that transparency about data handling reduces perceived vulnerability (Kelly D. Martin, Borah, and Palmatier 2017).

The mechanism turns on a contract distinction. Managers conceive of privacy notices as formal legal contracts that bind the firm’s data conduct, and expect that formality to reassure. But consumers default to reading privacy as a social contract governed by norms of appropriate flow; when a firm respects those norms it earns trust and purchase intent, and when it violates them it earns negative word of mouth (McCole, Ramsey, and Williams 2010; Eastlick, Lotz, and Warrington 2006; Miyazaki 2009; T. Kim, Barasz, and John 2019). Introducing a formal contract where a social one was expected undermines trust, exactly as a formal contract reduces cooperation in a multi-round trust game relative to no contract at all (D. Malhotra and Murnighan 2002). The notice signals that the relationship requires legal protection, which implies the relationship is not safe.

Brough et al. (2022) bound the effect with two informative moderators. First, the backfire disappears when consumers already expect potential harm: priming a-priori distrust, or operating in a context where danger is anticipated, removes the surprise that drives the bulletproof-glass reaction. Second, the backfire disappears when the notice carries benevolence cues. Trust has two routes—benevolence (affective, “they care”) and competence (cognitive, “they are able”)—and benevolence-trust leads consumers to read a notice as a social contract rather than a formal one. Operationally, a notice’s affective-versus-cognitive content can be scored from its text—e.g., via the proportion of affect words versus cognition words—so the benevolence remedy is measurable, not merely conceptual. Figure 24.1 traces the logic.

```mermaid
flowchart TD
    A[Privacy notice shown] --> B{How is it read?}
    B -->|As a formal contract| C[Implies danger is present]
    C --> D[Increased perceived vulnerability]
    D --> E[Lower trust and purchase interest]
    B -->|As a social contract| F[Implies norm-respecting relationship]
    F --> G[Maintained or increased trust]
    H[Moderator 1: harm already expected] --> B
    I[Moderator 2: benevolence cues in text] --> B
    H -. removes surprise .-> F
    I -. shifts to affective trust .-> F
```
Figure 24.1: The bulletproof-glass effect: why a protective privacy notice can lower purchase interest, and the two moderators that switch the effect off.

The effect extends to the conspicuous absence of a notice. Using Apple’s App Store privacy “nutrition labels,” mandated in December 2020 after a period in which only about half of apps voluntarily linked a privacy policy (Story, Zimmeck, and Sadeh 2018), Brough et al. (2022) show that an app whose privacy information is conspicuously present or conspicuously absent suffers reduced downloads relative to apps where privacy is simply not at issue. Drawing attention to privacy, in either direction, can depress demand. This reframes a large body of evidence: when consumers notice their data were collected without consent, click-through falls (T. Kim, Barasz, and John 2019; Aguirre et al. 2015), and consumers prefer to buy from sites with stronger protection (Tsai et al. 2011)—but the act of foregrounding privacy is itself a treatment with a cost. The practical lesson is not “say less”; it is that privacy communication is a designed signal whose framing (formal versus benevolent, salient versus background) determines its sign.

24.7 The Economics and Organizational Stakes of Privacy

Privacy is also a strategic and economic variable, not only a psychological one. For the firm, privacy is a dimension of differentiation: a firm can compete on protection the way it competes on quality or price (Casadesus-Masanell and Hervas-Drane 2015; Rust, Kannan, and Peng 2002). The financial logic of privacy failures—data breaches, hacking intrusions, exposures—runs the other way and is well documented (A. Malhotra and Kubowicz Malhotra 2011; Kelly D. Martin, Borah, and Palmatier 2017). The key organizational result is that the damage a breach does to firm performance is mitigated when the firm has previously provided transparency and control: these compensate for the vulnerability the breach exposes and blunt its impact on performance (Kelly D. Martin, Borah, and Palmatier 2017). Privacy posture is thus an insurance policy whose premium is paid in advance through transparent, control-granting practices.

The economics of anonymity formalize a subtler point: more privacy is not unconditionally good for consumers. Conitzer, Taylor, and Wagman (2012) analyze a monopolist facing a continuum of heterogeneous consumers who can choose to remain anonymous—avoiding recognition as prior customers—possibly at a cost. The model yields a sequence of counterintuitive results. When anonymity is freely available, every consumer individually prefers to take it, and that universal anonymity is precisely the outcome that maximizes the monopolist’s profit (because it prevents the price-discrimination that recognition would enable against the firm’s interest in this setting). Consumers can benefit from a higher cost of anonymity—but only up to a threshold, beyond which the effect reverses and harms them. And it is frequently harmful to consumers when the monopolist or an unaffiliated third party controls the cost of anonymity. The lesson for policy is that the allocation of control over the price of privacy matters as much as the level of privacy itself.

On the regulatory economics of breaches, Kelly D. Martin and Murphy (2016) argue that the low likelihood of litigation, combined with the rarity of breaches in some industries, gives firms a standing incentive to lobby for modest consumer-information-privacy regulation, keeping privacy management under firm control rather than statutory mandate. That political-economy equilibrium is exactly what comprehensive regulation disrupts.

24.8 Privacy in Society and Regulation

Privacy regulation has historically diverged across jurisdictions, and the divergence shapes everything downstream. In the United States, the Federal Trade Commission (FTC) has regulated consumer information privacy through two frameworks: a notice-and-choice model built on Fair Information Practice Principles—firms must disclose their practices and offer choice—and a harm-based model that intervenes only where demonstrable harm occurs. The European Union’s earlier Data Protection Directive was more comprehensive than the U.S. regime, yet the de facto default on both sides remained industry self-regulation, more prevalent in the United States than in Europe (Kelly D. Martin and Murphy 2016). The consequences of even the earlier European regime were real: advertising effectiveness fell measurably after the Data Protection Directive was implemented, and privacy concern rose over time across age groups (Goldfarb and Tucker 2011).

The regime-defining event is the General Data Protection Regulation (GDPR), in force since 2018, which shifts the legal basis of data processing toward enhanced, transparent consent and exports its model to the California Consumer Privacy Act and Brazil’s Lei Geral de Proteção de Dados. GDPR’s effects fall into three areas: consent and disclosure behavior, market structure and innovation, and the persistence of tracking. Table 24.2 summarizes the evidence.

Table 24.2: Empirical evidence on the effects of GDPR.

| Domain | Finding | Source |
|---|---|---|
| Consent behavior | GDPR-compliant consent raises opt-in across data types; consumers still restrict sensitive data | Godinho de Matos and Adjerid (2022) |
| Consent behavior | People share data freely post-GDPR regardless of request format; explanations go unread | Kreuter et al. (2020) |
| Consent design | Persuasive + informative cues secure more opt-ins than informative cues alone | D’Assergio et al. (2024) |
| Transparency | Transparent policies raise comprehension of data processing but not acceptance | Betzing et al. (2020) |
| Market structure | One-third of apps exit; app introduction halves; consumer surplus and usage fall | Janssen et al. (2022) |
| Competition | Volatility rises in free-app market (pro-competitive), falls in paid (anti-competitive) | Kelly D. Martin, Borah, and Palmatier (2017) |
| Enforcement | Limited change in third-party tracking; large gatekeepers retain disproportionate reach | Kollnig et al. (2021) |

The consent findings reveal a tension. Enhanced, GDPR-compliant consent increases opt-in for many data types and uses, and crucially the resulting gains—higher sales, more effective marketing communication, greater contractual lock-in—accrue to firms that can target the receptive households that opted in (Godinho de Matos and Adjerid 2022). Consumers do not, however, increase allowances uniformly; they continue to restrict permissions for sensitive information, exercising exactly the norm-governed, context-dependent control that social-contract theory predicts. Yet other work finds consent largely insensitive to how it is requested: people share data freely regardless of request format, and the accompanying explanations of collection and use are not read carefully (Kreuter et al. 2020)—the privacy paradox reasserting itself under regulation. The design margin still matters at the firm level: a mix of persuasive and informative cues yields more opt-ins than informative cues alone, and firms with offline presence and heavy data dependence lean on persuasive cues while GDPR-compliance-sensitive firms adopt more balanced formats (D’Assergio et al. 2024). Transparency improves comprehension of data processing without moving acceptance rates (Betzing et al. 2020), echoing the bulletproof-glass lesson that more information is not mechanically more reassuring.

The market-structure findings are where GDPR’s costs surface, and they expose a privacy–innovation tradeoff. In the Google Play ecosystem (4.1 million apps, 2016–2019), GDPR forced roughly a third of apps to exit and cut the rate of new app introduction by half, reducing consumer surplus and app usage (Janssen et al. 2022). The competitive incidence is two-sided. Compliance costs are anti-competitive: they raise barriers to entry, increase exit, and fall hardest on smaller firms. But the challenge of data collection under GDPR is also pro-competitive: fines scale with size and so bite larger firms harder, and established firms find it more difficult to ensure third-party compliance across their data supply chains. The net is heterogeneous—GDPR raises volatility (a proxy for competitive churn) in the free-app market while reducing it in the paid market (Kelly D. Martin, Borah, and Palmatier 2017). And enforcement has limits: third-party tracking changed little after GDPR, with a few large gatekeepers retaining disproportionate tracking capability both before and after (Kollnig et al. 2021).

For empirical work on regulation, the measurement bottleneck is detecting and coding privacy-relevant text at scale. Automated classifiers can identify GDPR-relevant privacy-policy content, enabling large-sample study of disclosure practices and their correlates (Chang et al. 2019). The methodological point connects privacy research to the broader text-analytics toolkit and makes the regulatory-compliance literature tractable beyond hand-coded samples.
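The coding step described above, as an added example that is not from this chapter or from Chang et al. (2019): a dictionary-based coder, the simplest tool in the text-analytics toolkit, substituted here for a trained classifier. The category names, regex patterns, and the three sample policies are constructed assumptions, not a validated instrument.

```python
import re
from collections import Counter

# Hypothetical codebook: category -> regex applied to one sentence at a time.
# Categories and patterns are assumptions for illustration only.
CODEBOOK = {
    "legal_basis": r"\b(legal basis|legitimate interests?|your consent)\b",
    "subject_rights": r"\bright to (access|erasure|rectification|object|data portability)\b",
    "retention": r"\b(retain(s|ed)?|retention|stor(e|es|ed)|keep|kept)\b.*"
                 r"\b(days?|months?|years?|as long as)\b",
    "third_party": r"\b(third[- ]part(y|ies)|partners?|processors?)\b",
    "dpo_contact": r"\bdata protection officer\b|\bdpo\b",
}
COMPILED = {cat: re.compile(rx, re.IGNORECASE) for cat, rx in CODEBOOK.items()}

# Constructed sample policies (not real documents).
POLICIES = {
    "app_a": ("We process your data on the legal basis of your consent. "
              "You have the right to access and the right to erasure. "
              "We retain account data for 24 months. "
              "Contact our Data Protection Officer at the address below."),
    "app_b": ("We share usage data with advertising partners. "
              "Data is stored as long as your account is active."),
    "app_c": "We love our users! Our app is free to download.",
}

def split_sentences(text):
    """Naive splitter: break after ., ! or ? when followed by whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]

def code_policy(text):
    """Return {category: [sentences that triggered it]} for one policy."""
    hits = {cat: [] for cat in COMPILED}
    for sentence in split_sentences(text):
        for cat, rx in COMPILED.items():
            if rx.search(sentence):
                hits[cat].append(sentence)
    return hits

def disclosure_vector(text):
    """Binary indicator per category, the row a regression would consume.

    Codes the presence of a disclosure, not its direction: a sentence such
    as "we do not share data with third parties" still sets third_party=1.
    """
    return {cat: int(bool(sents)) for cat, sents in code_policy(text).items()}

def coverage(policies):
    """Share of policies in the sample that disclose each category."""
    counts = Counter()
    for text in policies.values():
        counts.update(disclosure_vector(text))
    return {cat: counts[cat] / len(policies) for cat in COMPILED}

if __name__ == "__main__":
    for name, text in POLICIES.items():
        print(name, disclosure_vector(text))
    print("coverage", coverage(POLICIES))
```

Keeping the triggering sentences in `code_policy` lets a human auditor spot-check the dictionary against hand-coded labels before the indicators enter a model.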

24.9 Personalization and Sensitive Information: A Boundary Condition

A recurring nuance is that the privacy calculus is type-of-information specific, not global. White (2004) shows that consumers with deeper relational connections to a firm are more willing to disclose ordinary privacy-related information in exchange for customized offerings—but the relationship reverses for embarrassing information: loyal, deeply connected consumers find the exchange of customized benefits for embarrassing disclosures unattractive. The benefit term \(B\) in Equation 24.2 does not compensate for the cost \(C\) when the disclosure threatens the self, regardless of relationship strength. This is the microfoundation of the result that benevolence and norm-respect, not raw benefit, govern sensitive disclosure—and it is why Godinho de Matos and Adjerid (2022) find consumers ring-fencing sensitive data even as they open up otherwise under GDPR. Privacy, defined as selective control of access to the self (Altman 1976), is most jealously guarded exactly where the self is most exposed, and consumers deploy active coping strategies to protect it when personalization threatens that boundary (Youn 2009; Grant 2005).

24.10 Synthesis: Privacy as Strategy

The literature converges on a managerial stance that treats privacy not as a compliance burden but as a source of advantage—what the organizational work frames as privacy as strategy. Firms that prioritize data privacy authentically, that involve customers in the privacy dialogue, that align privacy practices across every function rather than siloing them in legal, that emphasize what they do right with data, and that commit over the long term are predicted to realize positive performance and higher consumer trust (Kelly D. Martin, Borah, and Palmatier 2017; Casadesus-Masanell and Hervas-Drane 2015). The behavioral and economic results explain why this works: trust is the proactive lever that flattens the privacy-cost gradient (Equation 24.3), control converts personalization from intrusion into service (Tucker 2013), transparency and control insure against the performance damage of breaches (Kelly D. Martin, Borah, and Palmatier 2017), and benevolent framing keeps a privacy notice on the social-contract side of the bulletproof-glass divide (Brough et al. 2022). The unifying theme is that privacy is governed by norms of appropriate flow, and the firm’s job is to be legible and trustworthy within those norms rather than to minimize disclosure or maximize collection.

24.11 Key Takeaways

References

Acquisti, Alessandro, Leslie K John, and George Loewenstein. 2012. “The Impact of Relative Standards on the Propensity to Disclose.” Journal of Marketing Research 49 (2): 160–74.
Adjerid, Idris, Alessandro Acquisti, and George Loewenstein. 2019. “Choice Architecture, Framing, and Cascaded Privacy Choices.” Management Science 65 (5): 2267–90.
Aguirre, Elizabeth, Dominik Mahr, Dhruv Grewal, Ko De Ruyter, and Martin Wetzels. 2015. “Unraveling the Personalization Paradox: The Effect of Information Collection and Trust-Building Strategies on Online Advertisement Effectiveness.” Journal of Retailing 91 (1): 34–49.
Aguirre, Elizabeth, Anne L. Roggeveen, Dhruv Grewal, and Martin Wetzels. 2016. “The Personalization-Privacy Paradox: Implications for New Media.” Journal of Consumer Marketing 33 (2): 98–110. https://doi.org/10.1108/jcm-06-2015-1458.
Alba, Joseph, John Lynch, Barton Weitz, Chris Janiszewski, Richard Lutz, Alan Sawyer, and Stacy Wood. 1997. “Interactive Home Shopping: Consumer, Retailer, and Manufacturer Incentives to Participate in Electronic Marketplaces.” Journal of Marketing 61 (3): 38–53.
Altman, Irwin. 1976. “A Conceptual Analysis.” Environment and Behavior 8 (1): 7–29.
Athey, Susan, Christian Catalini, and Catherine Tucker. 2017. “The Digital Privacy Paradox: Small Money, Small Costs, Small Talk.” National Bureau of Economic Research.
Awad, Naveen Farag, and Mayuram S Krishnan. 2006. “The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization.” MIS Quarterly, 13–28.
Bauer, Christine, and Peter Lasinger. 2014. “Adaptation Strategies to Increase Advertisement Effectiveness in Digital Media.” Management Review Quarterly 64 (2): 101–24. https://doi.org/10.1007/s11301-014-0101-0.
Betzing, Jan Hendrik, Matthias Tietz, Jan vom Brocke, and Jörg Becker. 2020. “The Impact of Transparency on Mobile Privacy Decision Making.” Electronic Markets 30 (3): 607–25.
Bleier, Alexander, and Maik Eisenbeiss. 2015. “The Importance of Trust for Personalized Online Advertising.” Journal of Retailing 91 (3): 390–409.
Brandimarte, Laura, and Alessandro Acquisti. 2012. “The Economics of Privacy.” The Oxford Handbook of the Digital Economy, 547–71.
Brandimarte, Laura, Alessandro Acquisti, and George Loewenstein. 2013. “Misplaced Confidences: Privacy and the Control Paradox.” Social Psychological and Personality Science 4 (3): 340–47.
Brough, Aaron R., David A. Norton, Shannon L. Sciarappa, and Leslie K. John. 2022. “The Bulletproof Glass Effect: Unintended Consequences of Privacy Notices.” Journal of Marketing Research 59 (4): 739–54. https://doi.org/10.1177/00222437211069093.
Casadesus-Masanell, Ramon, and Andres Hervas-Drane. 2015. “Competing with Privacy.” Management Science 61 (1): 229–46.
Chang, Cheng, Huaxin Li, Yichi Zhang, Suguo Du, Hui Cao, and Haojin Zhu. 2019. “Automated and Personalized Privacy Policy Extraction Under GDPR Consideration.” In International Conference on Wireless Algorithms, Systems, and Applications, 43–54. Springer.
Chellappa, Ramnath K., and Raymond G. Sin. 2005. “Personalization Versus Privacy: An Empirical Examination of the Online Consumers Dilemma.” Information Technology and Management 6 (2-3): 181–202. https://doi.org/10.1007/s10799-005-5879-y.
Cho, Chang-Hoan, and Hongsik John Cheon. 2004. “Why Do People Avoid Advertising on the Internet?” Journal of Advertising 33 (4): 89–97.
Chu, Shu-Chuan. 2011. “Viral Advertising in Social Media: Participation in Facebook Groups and Responses Among College-Aged Users.” Journal of Interactive Advertising 12 (1): 30–43.
Conitzer, Vincent, Curtis R. Taylor, and Liad Wagman. 2012. “Hide and Seek: Costly Consumer Privacy in a Market with Repeat Purchases.” Marketing Science 31 (2): 277–92. https://doi.org/10.1287/mksc.1110.0691.
D’Assergio, Caterina, Puneet Manchanda, Elisa Montaguti, and Sara Valentini. 2024. “EXPRESS: The Race for Data: Utilizing Informative or Persuasive Cues to Gain Opt-in?” Journal of Marketing, 00222429241288456.
Eastlick, Mary Ann, Sherry L Lotz, and Patricia Warrington. 2006. “Understanding Online B-to-C Relationships: An Integrated Model of Privacy Concerns, Trust, and Commitment.” Journal of Business Research 59 (8): 877–86.
Friestad, Marian, and Peter Wright. 1994. “The Persuasion Knowledge Model: How People Cope with Persuasion Attempts.” Journal of Consumer Research 21 (1): 1. https://doi.org/10.1086/209380.
Godinho de Matos, Miguel, and Idris Adjerid. 2022. “Consumer Consent and Firm Targeting After GDPR: The Case of a Large Telecom Provider.” Management Science 68 (5): 3330–78.
Goldfarb, Avi, and Catherine Tucker. 2011. “Online Display Advertising: Targeting and Obtrusiveness.” Marketing Science 30 (3): 389–404.
Grant, Ian C. 2005. “Young Peoples’ Relationships with Online Marketing Practices: An Intrusion Too Far?” Journal of Marketing Management 21 (5-6): 607–23.
Janssen, Rebecca, Reinhold Kesler, Michael E Kummer, and Joel Waldfogel. 2022. “GDPR and the Lost Generation of Innovative Apps.” National Bureau of Economic Research.
Johnson, Garrett A., Scott K. Shriver, and Shaoyin Du. 2020. “Consumer Privacy Choice in Online Advertising: Who Opts Out and at What Cost to Industry?” Marketing Science 39 (1): 33–51. https://doi.org/10.1287/mksc.2019.1198.
Kim, Nam Young, and S. Shyam Sundar. 2012. “Personal Relevance Versus Contextual Relevance.” Journal of Media Psychology 24 (3): 89–101. https://doi.org/10.1027/1864-1105/a000067.
Kim, Tami, Kate Barasz, and Leslie K John. 2019. “Why Am I Seeing This Ad? The Effect of Ad Transparency on Ad Effectiveness.” Journal of Consumer Research 45 (5): 906–32.
Kollnig, Konrad, Reuben Binns, Max Van Kleek, Ulrik Lyngs, Jun Zhao, Claudine Tinsman, and Nigel Shadbolt. 2021. “Before and After GDPR: Tracking in Mobile Apps.” arXiv Preprint arXiv:2112.11117.
Kreuter, Frauke, Georg-Christoph Haas, Florian Keusch, Sebastian Bähr, and Mark Trappmann. 2020. “Collecting Survey and Smartphone Sensor Data with an App: Opportunities and Challenges Around Privacy and Informed Consent.” Social Science Computer Review 38 (5): 533–49.
Lin, Tesary, and Avner Strulov-Shlain. 2025. “Choice Architecture, Privacy Valuations, and Selection Bias in Consumer Data.” Marketing Science.
Malhotra, Arvind, and Claudia Kubowicz Malhotra. 2011. “Evaluating Customer Information Breaches as Service Failures: An Event Study Approach.” Journal of Service Research 14 (1): 44–59.
Malhotra, Deepak, and J Keith Murnighan. 2002. “The Effects of Contracts on Interpersonal Trust.” Administrative Science Quarterly 47 (3): 534–59.
Malhotra, Naresh K, Sung S Kim, and James Agarwal. 2004. “Internet Users’ Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model.” Information Systems Research 15 (4): 336–55.
Martin, Kelly D, Abhishek Borah, and Robert W Palmatier. 2017. “Data Privacy: Effects on Customer and Firm Performance.” Journal of Marketing 81 (1): 36–58.
Martin, Kelly D., and Patrick E. Murphy. 2016. “The Role of Data Privacy in Marketing.” Journal of the Academy of Marketing Science 45 (2): 135–55. https://doi.org/10.1007/s11747-016-0495-4.
Maslowska, Ewa, Bas van den Putte, and Edith G Smit. 2011. “The Effectiveness of Personalized e-Mail Newsletters and the Role of Personal Characteristics.” Cyberpsychology, Behavior, and Social Networking 14 (12): 765–70.
McCole, Patrick, Elaine Ramsey, and John Williams. 2010. “Trust Considerations on Attitudes Towards Online Purchasing: The Moderating Effect of Privacy and Security Concerns.” Journal of Business Research 63 (9-10): 1018–24.
Milberg, Sandra J, H Jeff Smith, and Sandra J Burke. 2000. “Information Privacy: Corporate Management and National Regulation.” Organization Science 11 (1): 35–57.
Milne, George R, and Mary J Culnan. 2004. “Strategies for Reducing Online Privacy Risks: Why Consumers Read (or Don’t Read) Online Privacy Notices.” Journal of Interactive Marketing 18 (3): 15–29.
Miyazaki, Anthony D. 2009. “Perceived Ethicality of Insurance Claim Fraud: Do Higher Deductibles Lead to Lower Ethical Standards?” Journal of Business Ethics 87 (4): 589–98.
Miyazaki, Anthony D, and Sandeep Krishnamurthy. 2002. “Internet Seals of Approval: Effects on Online Privacy Policies and Consumer Perceptions.” Journal of Consumer Affairs 36 (1): 28–49.
Mourey, James A, and Ari Ezra Waldman. 2020. “Past the Privacy Paradox: The Importance of Privacy Changes as a Function of Control and Complexity.” Journal of the Association for Consumer Research 5 (2): 162–80.
Norberg, Patricia A, Daniel R Horne, and David A Horne. 2007. “The Privacy Paradox: Personal Information Disclosure Intentions Versus Behaviors.” Journal of Consumer Affairs 41 (1): 100–126.
Petty, Richard E., and John T. Cacioppo. 1986. “The Elaboration Likelihood Model of Persuasion.” In, 1–24. Springer New York. https://doi.org/10.1007/978-1-4612-4964-1_1.
Rust, Roland T, PK Kannan, and Na Peng. 2002. “The Customer Economics of Internet Privacy.” Journal of the Academy of Marketing Science 30 (4): 455–64.
Sheehan, Kim Bartel, and Mariea Grubbs Hoy. 2000. “Dimensions of Privacy Concern Among Online Consumers.” Journal of Public Policy & Marketing 19 (1): 62–73.
Smith, H Jeff, Sandra J Milberg, and Sandra J Burke. 1996. “Information Privacy: Measuring Individuals’ Concerns about Organizational Practices.” MIS Quarterly, 167–96.
Story, Peter, Sebastian Zimmeck, and Norman Sadeh. 2018. “Which Apps Have Privacy Policies?” In Annual Privacy Forum, 3–23. Springer.
Sultan, Fareena, Andrew J. Rohm, and Tao (Tony) Gao. 2009. “Factors Influencing Consumer Acceptance of Mobile Marketing: A Two-Country Study of Youth Markets.” Journal of Interactive Marketing 23 (4): 308–20. https://doi.org/10.1016/j.intmar.2009.07.003.
Tam, Kar Yan, and Shuk Ying Ho. 2005. “Web Personalization as a Persuasion Strategy: An Elaboration Likelihood Model Perspective.” Information Systems Research 16 (3): 271–91.
Tsai, Janice Y, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti. 2011. “The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study.” Information Systems Research 22 (2): 254–68.
Tucker, Catherine E. 2013. “Social Networks, Personalized Advertising, and Privacy Controls.” Journal of Marketing Research 51 (5): 546–62. https://doi.org/10.1509/jmr.10.0355.
Vail, Matthew W, Julia B Earp, and Annie I Antón. 2008. “An Empirical Study of Consumer Perceptions and Comprehension of Web Site Privacy Policies.” IEEE Transactions on Engineering Management 55 (3): 442–54.
Walrave, Michel, Karolien Poels, Marjolijn L. Antheunis, Evert Van den Broeck, and Guda van Noort. 2016. “Like or Dislike? Adolescents Responses to Personalized Social Network Site Advertising.” Journal of Marketing Communications 24 (6): 599–616. https://doi.org/10.1080/13527266.2016.1182938.
Wattal, Sunil, Rahul Telang, Tridas Mukhopadhyay, and Peter Boatwright. 2012. “What’s in a Name? Impact of Use of Customer Information in E-Mail Advertisements.” Information Systems Research 23 (3-part-1): 679–97. https://doi.org/10.1287/isre.1110.0384.
Westin, Alan F. 1967. Privacy and Freedom. New York: Atheneum.
White, Tiffany Barnett. 2004. “Consumer Disclosure and Disclosure Avoidance: A Motivational Framework.” Journal of Consumer Psychology 14 (1-2): 41–51.
White, Tiffany Barnett, Debra L Zahay, Helge Thorbjørnsen, and Sharon Shavitt. 2008. “Getting Too Personal: Reactance to Highly Personalized Email Solicitations.” Marketing Letters 19 (1): 39–50.
Wirtz, Jochen, and May O Lwin. 2009. “Regulatory Focus Theory, Trust, and Privacy Concern.” Journal of Service Research 12 (2): 190–207.
Xu, David Jingjun, Stephen Shaoyi Liao, and Qiudan Li. 2008. “Combining Empirical Experimentation and Modeling Techniques: A Design Research Approach for Personalized Mobile Advertising Applications.” Decision Support Systems 44 (3): 710–24.
Xu, Heng, Hock-Hai Teo, Bernard CY Tan, and Ritu Agarwal. 2012. “Research Note—Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services.” Information Systems Research 23 (4): 1342–63.
Youn, Seounmi. 2009. “Determinants of Online Privacy Concern and Its Influence on Privacy Protection Behaviors Among Young Adolescents.” Journal of Consumer Affairs 43 (3): 389–418.

  1. The reflective-versus-formative question recurs across marketing constructs and is unsettled for several of them; the parallel debate for brand equity and authenticity is developed in Chapter 11. The practical stake is identical: the measurement model dictates which validity tests apply and whether the dimensions may be summed.