The Myth of the Privacy Paradox

Privacy and Security

Article Snapshot


Daniel J. Solove


George Washington Law Review, Vol. 89, pp. 1-51, 2021


People report that they value privacy highly, but are willing to trade personal data for goods and services. This “privacy paradox” is sometimes used as an argument against privacy regulation. However, regulation should be based on the social value of privacy, not individual valuations.

Policy Relevance

Privacy regulation should focus on the systems for processing and transferring data.

Main Points

  • People often say they value privacy highly, but readily trade personal data for goods and services; this is often called the “privacy paradox.”
  • Commentators differ in evaluating the significance of the privacy paradox.
    • Some suggest that people’s behavior reveals that they actually ascribe a low value to privacy, proposing that privacy regulation be reduced.
    • Others suggest that behavior is not a good measure of preferences, because it is distorted by bias, heuristics, and manipulation.
  • People’s statements about the value they place on privacy are general in nature; by contrast, the behaviors revealed in “privacy paradox” studies involve exchanges of data based on assessment of levels of risk in very specific contexts.
  • One should not generalize from people’s willingness to trade data in specific contexts that they do not value privacy; people may value protection and choice supported by regulation, and still choose to exchange their data for goods or services.
  • Attempts to determine the value of privacy by looking at individual valuations of privacy are misguided; privacy regulation decisions should be informed by the value of privacy as an instrument for many important societal ends.
    • Privacy is valuable as a limit on power.
    • Privacy allows people to manage their reputations and control their life.
    • Privacy supports freedom of speech and political association.
  • People’s failure to protect their own privacy cannot effectively be addressed by enhancing people’s ability to self-manage privacy; faced with thousands of choices to read privacy policies or opt out, people are likely to be overwhelmed.
  • Privacy law should focus on regulating the systems and structures that control how information is used, processed, exchanged, and stored.
    • Regulation can block product designs that harm consumers.
    • Regulation can restrict types of data transfers.
    • Regulations can require governance to assess and control risk.

Get The Article

Find the full article online

Search for Full Article