Digital Privacy

We study the incentives of a digital business to collect and protect users’ data. The data collects improve service it provides consumers, but they may also be accessed, at cost, by strategic third parties in way that harms users, imposing endogenous privacy costs. characterize how revenue model shapes its optimal strategy: collection protection A with more data-driven will provide than similar is usage driven. Consequently, if users have small direct benefit from collection, then usage-driven businesses generate larger consumer surplus their counterparts (the reverse holds large collection). Relative socially desired strategy, over- or undercollect underprotect it. Restoring efficiency requires two-pronged regulatory policy, covering both protection; one such policy combines minimal requirement tax proportional amount collected finally show existing regulation United States, which focuses only on protection, even harm overall welfare. This paper was accepted Itai Ashlagi, management market analytics. Funding: A. Galeotti acknowledges financial support European Research Council [European Consolidator Grant 724356]. R. Momot HEC Paris Foundation Agence Nationale de la Recherche (French National Agency) “Investissements d’Avenir” [Grant LabEx Ecodec/ANR-11-LABX-0047]. Supplemental Material: online appendix available https://doi.org/10.1287/mnsc.2022.4513 .