Professional Documents
Culture Documents
Privacy As An Information Product
Privacy As An Information Product
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms
Harvard University Press is collaborating with JSTOR to digitize, preserve and extend access to
Antitrust Law in the New Economy
163
customers agree with Cook regarding what the report calls the “tradeoff
fallacy.”6 The authors of the report asked Americans a variety of ques-
tions about the data-for-discounts exchange and found that the respon-
dents do not necessarily accept the tradeoff willingly. For example, when
asked, “If companies give me a discount, it is a fair exchange for them to
collect information about me without my knowing it,” 91 percent re-
sponded “no.” Of course, consumers might in fact know about such ex-
changes, so the authors also asked, “Let’s say [the respondent’s usual]
supermarket says it will give you discounts in exchange for its collecting
information about all your grocery purchases. Would you accept the
offer or not?” To that question, 52 percent responded “no,” but the au-
thors also found that many more said they would reject the deal when
asked about specific assumptions that the supermarket might make
about them in response to the data gathered. The authors’ conclusion
was that “the survey reveals most Americans do not believe that ‘data for
discounts’ is a square deal.”
The references to whether giving up data is “worth” what one re-
ceives or whether the exchange is a “square deal” suggest a commercial
transaction. Indeed, Margrethe Vestager, the European Commissioner
for competition, has said that “it’s clear that these are business transac-
tions, not free giveaways.”7 There are human-rights implications of pri-
vacy as well, of course, and much of the legal commentary regarding
privacy focuses primarily on those issues. However, there is increasing
interest and focus on privacy from an antitrust point of view. Not sur-
prisingly, given the novelty of the issues, some argue that the acquisition
of private data by sellers presents a serious antitrust problem, others ar-
gue that it does not, and others take a middle ground. For present pur-
poses, the most interesting perspective, perhaps, is the one that considers
privacy, and “personal information,”8 as a commercial good in itself.
At least three competition issues can arise in the context of “private”
consumer information. One is the failure of competition, either with re-
spect to firm conduct or as the product of mergers, to cause firms to re-
spond to consumers’ privacy concerns, which is a lessening of the quality
provided to consumers. The problem here is not the use of the informa-
tion per se, but the failure of firms to provide consumers with adequate
means of protecting it.9 The second problem is that of price discrimina-
tion, in which a seller’s detailed knowledge of consumers’ personal infor-
mation and preferences allows the seller to charge a price calculated to
each consumer’s willingness to pay. As a result, much or all of the value
164
165
Privacy Per Se
One perspective on privacy as a good is that it is simply a component of
the service provided by, say, a search engine.17 In this respect, privacy
would be just an element of nonprice competition, as is quality or dura-
bility. In fact, privacy could be seen as an element of quality.18 If consum-
ers want a great deal of privacy, and they receive it from a service pro-
vider, then they are receiving a high-quality service. If instead they
receive less privacy than they would prefer, they are receiving a low-
quality good. Because it is generally recognized that nonprice factors like
quality are as important as price, a loss of privacy should be a consumer
harm that antitrust law deems important.19
Geoffrey Manne and Ben Sperry have resisted this equation of less
privacy with consumer harm that presents an antitrust issue. One of
their points is that even if some consumers want more privacy, others are
willing to exchange it for value received through better targeting from
166
sellers. That is surely correct, but not justification for a hands-off ap-
proach by antitrust, as discussed below. The more surprising argument
they make is that less privacy is not a problem, even for consumers who
want more, unless the loss causes some other, presumably tangible,
harm:
[C]laims that concentration will lead to a “less-privacy-protective
structure” for online activity are analytically empty. One must
make out a case, at minimum, that a move to this sort of structure
would reward the monopolist in some way, either by reducing its
costs or by increasing revenue from some other source.20
There are at least two flaws in this passage. The first is that a loss of
privacy is in fact a transfer from consumers to producers. If producers
take valuable consumer information without payment, or even without
payment at a competitive price, then producers gain at the expense of
consumers. And if it is market concentration—a “less-privacy-protective
structure”—that is the cause of this exploitation, then it is a competition
issue, not (only) a consumer protection one. 21 What appears to be going
on in this passage is a rejection of the view that consumers are entitled
simply to want privacy; the authors want consumers to justify their de-
sire for it. 22 But Joseph Farrell has pointed out that this is not the usual
approach in antitrust, which simply takes consumer demand as given:
Thus it’s jarring for an (or this) economist to hear the notion that
economics pushes public policy on privacy towards focusing on
quantifiable, tangible, and verifiable specific harms from the loss
of privacy, a notion that is also reflected in some court cases. Eco-
nomics sometimes views intermediate goods that way, but for fi-
nal goods, it normally takes tastes as given and asks how well a
market or an economic system satisfies those tastes. 23
The second flaw is that there is no requirement that harms to consumers
also provide benefits to producers to raise an antitrust issue. In the
merger context, even the possibility of unilateral harm from a firm large
enough to exploit consumers is of concern, and the U.S. agencies’ Merger
Guidelines refer specifically to nonprice harms. 24 And even liability for
single-firm conduct turns only on exclusionary conduct and the lack of
a legitimate business purpose, not on increased profits. It has long been
accepted that “[t]he best of all monopoly profits is a quiet life.”25
But Manne and Sperry are surely correct that privacy harms can
167
The upshot of this point, though, is simply that antitrust law must bal-
ance harms and benefits, not look only at one side of the ledger. That is
an uncontroversial claim, but hardly one that eliminates privacy harms
from antitrust consideration.
In fact, however, the U.S. agencies have avoided informational qual-
ity issues even where they are more straightforward than privacy. This
was particularly significant in the wave of radio mergers in the United
States in the late 1990s. The Department of Justice focused almost ex-
clusively on the price effects of the mergers on advertisers, rather than on
the quality effects on listeners. 27 And it did so despite the fact that listen-
ers care about radio programming more obviously than they care about
privacy protections.
The U.S. antitrust agencies’ relative neglect of information issues con-
tinued in the FTC’s recent review of the Google-DoubleClick merger.
The Commission was rather cryptic about its consideration of privacy
issues in that case:
168
The FTC’s decision not to focus on privacy issues was especially striking
given the call for such a focus in the dissenting statement of Commissioner
Pamela Jones Harbour:
169
are giving up their data without payment, they are receiving less from
the search engine than effective competition would provide them.
170
they interact, how it will be secured, and what uses eventually will
be made of it. If user data is a “payment” for online services, one
might call it a “credence payment,” since users cannot determine
the price they are paying either before or after they have paid it.36
171
When the FTC announced its decision to close its investigation into pos-
sible Google search bias,42 Commissioner Rosch issued a separate state-
ment.43 Among the concerns he expressed was that Google might use
“‘half-truths’—for example, that its gathering of information about the
characteristics of a consumer is done solely for the consumer’s benefit.”44
Commissioner Rosch’s concern, though, was not the usual consumer-
protection one of gaining an advantage in a particular transaction, but
rather that Google might be gathering the information “to maintain a
monopoly or near-monopoly position.”45 Although he did not articulate
this theory more fully, it points to a relationship between control over
personal information and antitrust.
172
Price Discrimination
Consumers have reason to care about privacy not just in the abstract, as
a good of which they want more, but also because of potential price
173
174
only slightly above its cost, it profits more by charging a higher price.
That is so because the lost profits from sales that do not occur because
of the higher price are more than compensated for by the greater profits
on sales that do occur. So the profits of the seller are greater, but the
benefits to society are less. That is so because the increased profits on the
sales that do occur are merely transfers from buyers—the buyers lose
while the seller gains—making those exchanges neutral from a societal
point of view, but the sales that do not occur create a loss to those cus-
tomers who would have gained from their purchases, but no compensat-
ing benefit to the sellers. This is the so-called “deadweight loss” to soci-
ety that is the harm of higher prices. Price discrimination can eliminate
this loss because it can permit the seller to charge the value of the good
to each buyer. In that way, the seller gains from the higher-priced sales
while still making sales at lower prices. The key point here is that the
price discrimination enables the seller to raise prices to some consumers
while lowering the price to others. But that happens only if the seller was
charging higher than its cost before the price discrimination.
The price discrimination that could be made possible in online mar-
kets by consumers’ personal information would not necessarily involve
sellers that have preexisting power. For example, in the Orbitz case de-
scribed in Chapter 2, where Orbitz showed higher-price hotels to users
of Apple computers, hotels would not generally be thought to have mar-
ket power. They presumably operate in more-or-less competitive mar-
kets in which they face effective competition from other hotels, at least
for consumers about whom they do not have detailed information. In
those markets, having more personal information of consumers would
not likely lead the hotels to lower their prices to any consumers, to whom
they presumably would already be charging a competitive price. Instead,
it would only raise prices to those consumers about whom they have
personal information. That is, the hotels would present higher prices to
those consumers—perhaps Mac users—that they believe would be will-
ing to pay those higher prices.
If sellers were able to price-discriminate perfectly, this would all mat-
ter less. In that case, money would be transferred from buyers to sellers,
but society as a whole would not lose. But perfect price discrimination is
not possible, or even likely. Not all Mac users want to, or are willing to,
pay more for hotels. Yet if they are shown higher-priced hotels, and it is
difficult for them to find lower-priced hotels, they might not choose the
hotel they prefer or, worse, they might not travel at all. The same would
175
be true for typical online buyers of consumer goods who are shown
prices that are near to, but perhaps slightly above, the amounts they are
willing to pay. The losses these buyers, or potential buyers, suffer could
then be losses to society.
In cases where a price-discriminating seller has market power, these
losses from imperfect price discrimination might be balanced by gains to
buyers who are able to make purchases at lower prices. But if the seller
is operating in a competitive market and has no ability to make large-
scale reductions in prices to some buyers, any imperfections in its price
discrimination will create lost sales. And the seller may not be sensitive
to those lost sales because it will be making greater profits from its other
sales. That is, its overall profit picture could improve so dramatically
that its loss of some sales that it could have made—indeed, could still
make—will not necessarily be noticed.
Given the unhappiness of consumers when it is revealed that they
have been subject to price discrimination—the most commonly used ex-
ample is payment of different amounts for comparable airplane seats59 —
it seems at least plausible that the widespread use of such practices, if
known, would prompt calls for relief. The U.S. Supreme Court recently
stated quite forcefully that price discrimination is not an entitlement of
sellers, at least for copyrighted goods,60 which suggests that consider-
ation of this price-increasing effect of the availability of personal infor-
mation may be an appropriate subject for antitrust law.
176
search engines than Google itself faced when it was entering the market.
The D.C. Circuit Court of Appeals made a similar point about the ad-
vantages Microsoft possessed once it became established in the market:
“When Microsoft entered the operating system market with MS-DOS
and the first version of Windows, it did not confront a dominant rival
operating system with as massive an installed base and as vast an exist-
ing array of applications as the Windows operating systems have since
enjoyed.”62
Determining whether Google or Facebook63 possesses similarly for-
midable advantages now would require considerable research.64 It is
clear, though, that Google similarly has a vast “installed base” (of users)
and “array of applications” (such as gmail). It is therefore inappropriate
to claim, without further evidence, that a new entrant in the search or
social network would face no greater obstacles overcoming Google or
Facebook than they faced overcoming AltaVista or MySpace. Surely the
vast amounts of personal information possessed by Google and Facebook
are part of the competitive landscape that newcomers would face.
Moreover, it was to a large extent Google that made data the impor
tant contributor to search that it is now. “Early search engines, like
Yahoo! and AltaVista, found results based only on key words.
Personalized search, as pioneered by Google, has become far more com-
plex with the goal to ‘understand exactly what you mean and give you
exactly what you want.’”65 Thus, if indeed a large collection of data is a
competitive advantage, then new entrants now would face Google when
Google has that advantage, while Google would have entered the market
at a time when the established firms did not have such an advantage.
It is true, though, as Manne and Sperry point out, that there may not
be particular conduct by the dominant firms in these data-intensive mar-
kets that excludes competitors. That is, the firms might indeed possess
more data than their competitors, and might have power as a result of
the data, but they might not be acting anticompetitively. There is no
reason to think that these firms have gathered information about cus-
tomers in order to exclude competitors (though it is possible that it aids
in that goal, as discussed below). On the contrary, there is every reason
to think that they gather that information to improve their own services.
To bring antitrust into play, at least outside the merger context, it would
be necessary to develop a theory under which they could use this power
to anticompetitive effect.
177
178
179
Google “makes most of its money from the Referrer field.”71 Although
other techniques can be used for the same purpose, they generally rely on
the technical infrastructure that enables this sort of tracking.72
The commercial role played by Referer and related techniques seems
innocuous, or at least reasonable, but there are problematic possibilities.
For example, a seller could offer different prices to buyers depending on
what site they came from. A recent study showed that consumers are
unaware of this possibility,73 yet the author of that study noted that “[a]
retail photography Web site, for example, charged different prices for
the same digital cameras and related equipment, depending on whether
shoppers had previously visited popular price-comparison sites.”74 And
although some web browsers allow users to turn off Referer, at least
with add-ons,75 it seems unlikely that many users take advantage (or
disadvantage76) of this feature.
Cookies are a better-known method of tracking browsing history. A
cookie is text a web server sends and stores on a user’s computer by way
of the user’s web browser. The cookie can then be retrieved later by the
server. But some websites deliver information from multiple servers, in-
cluding those providing advertising banners. When those banners are
delivered by the same firm to multiple sites that a user visits, the firm can
gather information from visits to all the sites and accumulate consider-
able information about users’ browsing histories. This is a key technique
advertisers and others use to track users online. Because cookies are
much better known than Referer, though, most, if not all, browsers pro-
vide the ability to deny cookies, even if doing so can cause problems with
websites that depend on them.
The original HTTP specification for cookies was adopted in 1997,77
and current approaches are outlined in a proposed standard from 2011.78
The proposed standard describes the use of cookies, but makes a distinc-
tion between cookies sent by the server the user visited and so-called
third-party cookies, which are those sent by other servers (for example,
those delivering advertising on the site the user visited).79 An earlier ver-
sion of the cookie specification forbad third-party cookies,80 but the new
version allows them, despite calling them “[p]articularly worrisome.”81
It is true that even under the superseded specification that prohibited
third-party cookies, many website designers ignored the prohibition,82
but it is nevertheless troubling that the IETF has abandoned its prohibi-
tion, despite its expressed concern. As one website notes, some websites
180
provide cookies for more than one hundred third-party domains, gener-
ally without the awareness of users.83
Generally speaking, the IETF, which sets technical standards in this
area, gets considerable deference, as David Post describes.84 The IETF is
an organization open to all, but like many standard-setting organiza-
tions, much of its work is done by representatives of organizations active
in the industry because they support the work financially. Post and oth-
ers85 are enthusiastic about the IETF’s role, but its composition and the
history here are problematic. Like other standard-setting organizations
discussed in Chapter 4, the IETF determines the nature of products pro-
vided to users. Unlike most other standard-setting organizations, its
products—HTTP specifications, among others—define the fundamen-
tal nature of the online environment.86 Furthermore, that environment
has greater public-policy implications than do many standards (though
perhaps some medical standards could be seen as comparable). And, of
course, most users are entirely unaware of the choices that the IETF is
making for them.
“The mission of the IETF is to make the Internet work better by pro-
ducing high quality, relevant technical documents that influence the way
people design, use, and manage the Internet.”87 As with standards gen-
erally, though, what it is to “work better” can be a highly contested
matter and can evolve over time. To be sure, the controversial aspects of
the IETF’s work have been recognized within the IETF, which has even
issued an RFC that “identifies specific uses of Hypertext Transfer
Protocol (HTTP) State Management protocol [like cookies] which are
either (a) not recommended by the IETF, or (b) believed to be harmful,
and discouraged.”88 And participation in the organization’s activities is
open to all. Nevertheless, its work has significant competitive implica-
tions, particularly with regard to the control of user information, and
thus could be subject to the antitrust laws.
181