Self-Regulation and Competition in Privacy Policies

Start Page



I investigate alternative explanations for the content of privacy policies. Under one model of self-regulation, firms signal their privacy protections to consumers by highlighting compliance with third-party guidelines. However, in a sample of 249 policies, only 27 percent claim compliance with a specific guideline, and the policies that do claim compliance with at least one guideline are generally inconsistent with its requirements. Alternatively, under a market-based mechanism, firms incorporate consumers’ preferences directly. Consistent with this influence, there are several intuitive differences in terms across markets. Adult sites—none of which claim certification—are much more likely to give concise and clear notice of privacy practices and limit data sharing with third parties, while cloud-computing sites are particularly likely to follow stringent data security standards. Overall, privacy policy content appears to be shaped at least as much by market forces as by a self-regulatory regime based on external guidelines.

Full text not available in ChicagoUnbound.