The price of being free: We may care about our personal data, but do we value it?
‘Something is free, if someone else pays’ - Anon.
We get many free goods and services online via an opaque barter where, in exchange, companies access our data and try and sell us things. We say we care about our data, though if we could retain it, but pay for these products, would we? This option is not always available, but even if it was, it is not clear that we would take it.
1. The economics of digital products encourages free products which require access to our data
There are a number of reasons why we would expect there to be a lot of free online products which require access to our personal data:
- The cost of producing digital products
The cost of producing another unit of a digital product for customers is typically zero. Although this does not guarantee low prices, when combined with low barriers to entering the market (such as in app development), competition will have a tendency to drive prices down to very low levels.
- With a free product, businesses have to raise income through other means such as advertising, and data access facilitates this
Data is needed to target the adverts and the volume that a free product offers is needed as the failure rate of targeted advertisements can still be high. Even in markets with higher barriers to entry, firms already in the market may decide that this is the optimal business strategy, particularly if there are network effects (i.e. the more people using the good, the more likely others are to use it).
- Access to data allows products to be improved
Being able to access data also helps improve the product for the customer in the first place. It allows products to be tailored to users (e.g. customising according to location), and information to be collated across users to provide a better service.
2. Evidence from the apps market shows that there are far more free-apps than paid apps, and that they generally require higher levels of access to personal data
Data protection issues are arguably particularly important in smart phones where there’s a confluence of phone, email, web, social media and location data. The potential extent of mobile data collection has been systematically analysed in research by Ilaria Liccardi, Joseph Pato and Daniel Weitzner. They gathered information on over half a million mobile apps on the Google Play marketplace (88% of the apps then available on Google Play in 2012). Of these there were around 387,000 (73%) free apps and 142,000 (27%) paid apps. The work analysed the data that the apps requested permissions to access and catagorised them according whether the permission was to access sensitive data or not (For the full list see the paper’s Table 9; one of the most interesting appendix tables ever). The study found that 46% of apps had the ability to access sensitive personal information and transmit it outside the phone, and that paid apps posed a lower privacy risk than free apps. Free apps on average requested a greater number of sensitive permissions. They also accounted for most of the apps requesting many sensitive permissions that were able to send data outside the phone.
3. If an equivalent to the free product is on offer which does not involve exchanging personal data, but which has to be paid for, it is not clear we would choose it
One can imagine a world where companies also offer an equivalent product where no personal data is exchanged, but which has to be paid for. That most companies don’t offer this, suggests they do not consider it would increase profits. It is also possible to design experiments to investigate how people would behave if facing a choice between a higher price and handing over less personal information for the same service. Research by Sӧren Preibusch, Dorothea Kubler and Daniel Beresford has found that when consumers have a choice between two online stores selling the same kinds of products, one requiring more extensive personal data disclosure (e.g. asking for mobile phone numbers, monthly income and date of birth), but lower prices then they tend to purchase the product from the cheaper store. This is despite three quarters of the experiment’s participants (who did not know the purpose of the study) stating in response to survey questions that they were very strongly interested in data protection.
4. We don’t understand the value of our personal data, and that’s not a good thing
If we were prepared to pay to retain our data that would suggest we value it, and the most obvious interpretation of this empirical and experimental evidence is that we don’t. It is questionable whether we are well-placed to make this call, however. We typically don’t appreciate the extent of the information we are handing over and what happens to it (that it can sometimes be made available to third parties for example). We don't understand what the potential effects of targeted adverts on us and, increasingly, personalised pricing and offers might be - it may not be someone else who is paying. It is therefore hard to form a view on what retaining our data might be worth to us. There are great benefits from the use of our data, and the economy is only going to get more data driven, but there can be costs for us too and we should have a better understanding of them. This is an area where we need more transparency, research and education. Ignorance is not bliss, it is ignorance. We need to understand the price of being free.
Acknowledgements: Thanks to the Meaningful Consent in the Digital Economy project at Southampton University for enabling me to attend their workshop and to George Windsor for his comments on the post.
 Liccardi, I., Pato, J. and Weitzner, D. (2013) ‘Improving Mobile App Selection through Transparency and Better Permissions Analysis’, Journal of Privacy and Confidentiality: Vol. 5: Issue 2, Article 1.
 It was possible to undertake the analysis on the Play platform, as the permissions an app requests is accessible without having to install the app itself. How the findings may have been affected by subsequent changes to the Play platform, and the apps on it, is unclear.
 Sensitive permissions include for example: being able to access location data, being able to read gmail on the phone, being able to take photographs with the camera, being able to modify contact details and being able to receive SMS.
 There was little evidence that the participants provided false information.
 Preibusch, S., Kubler, D. and Beresford, A. (2013), ’Price versus privacy: an experiment into the competitive advantage of collecting less personal information’, Electronic Commerce Research. 2013, Issue 4, pp 423-455.
 As the authors point out, this does not rule out privacy aware business models as, all other things being equal, the higher privacy company will via the higher price earn a greater profit margin. For a discussion of some of the new business models that are developing, see here for a review of the Personal Information Management Systems market.