The Myth of the Privacy Paradox

Article Source: George Washington Law Review, Vol. 89, pp. 1-51, 2021
Publication Date:
Time to Read: 2 minute read
Written By:

Search for the full article on Bing



People report that they value privacy highly, but are willing to trade personal data for goods and services. This “privacy paradox” is sometimes used as an argument against privacy regulation. However, regulation should be based on the social value of privacy, not individual valuations.


Policy Relevance:

Privacy regulation should focus on the systems for processing and transferring data.


Key Takeaways:
  • People often say they value privacy highly, but readily trade personal data for goods and services; this is often called the “privacy paradox.”
  • Commentators differ in evaluating the significance of the privacy paradox.
    • Some suggest that people’s behavior reveals that they actually ascribe a low value to privacy, proposing that privacy regulation be reduced.
    • Others suggest that behavior is not a good measure of preferences, because it is distorted by bias, heuristics, and manipulation.
  • People’s statements about the value they place on privacy are general in nature; by contrast, the behaviors revealed in “privacy paradox” studies involve exchanges of data based on assessment of levels of risk in very specific contexts.
  • One should not generalize from people’s willingness to trade data in specific contexts that they do not value privacy; people may value protection and choice supported by regulation, and still choose to exchange their data for goods or services.
  • Attempts to determine the value of privacy by looking at individual valuations of privacy are misguided; privacy regulation decisions should be informed by the value of privacy as an instrument for many important societal ends.
    • Privacy is valuable as a limit on power.
    • Privacy allows people to manage their reputations and control their life.
    • Privacy supports freedom of speech and political association.
  • People’s failure to protect their own privacy cannot effectively be addressed by enhancing people’s ability to self-manage privacy; faced with thousands of choices to read privacy policies or opt out, people are likely to be overwhelmed.
  • Privacy law should focus on regulating the systems and structures that control how information is used, processed, exchanged, and stored.
    • Regulation can block product designs that harm consumers.
    • Regulation can restrict types of data transfers.
    • Regulations can require governance to assess and control risk.



Daniel Solove

About Daniel J. Solove

Daniel J. Solove is the Eugene L. and Barbara A. Bernard Professor of Intellectual Property and Technology Law at the George Washington University Law School. He is an internationally-known expert in privacy law.