“I was hacked and all I got was a lousy upgrade”
I was in a taxi on the way to work visit, when my taxi driver started shouting “Upgrade? UPGRADE? A bloody upgrade?!?!?” at the radio.
Apparently the newsreader had noted that TalkTalk were offering all customers affected by the hack a free upgrade.
My driver was furious that an upgrade was all she was going to get for having her details hacked.
I didn’t ask her, but it did make me wonder what would have been acceptable compensation for a loss of privacy.
About a decade ago, I developed an economic model of the demand of privacy for LSE Identity Project.
Essentially, I came up with two core types of people:
- Privacy myopic people: A myopic individual is short-sighted and neither appropriately protects privacy nor understands the full costs and benefits of maintaining/sacrificing privacy. Myopic demand is relatively elastic (ie they give up a lot of data for little return)
- Privacy rational people: A rational individual calculates costs and benefits of privacy over the long-term and takes advantage of and is aware of the full range of complex privacy-enhancing technologies. Longsighted demand is relatively inelastic.
There’s not a lot of privacy rational people out there, and almost all of us are myopic in some ways: the fact that we all accept ‘cookies’ reveals our myopic tendencies.
My taxi driver didn’t have a clue about how much of her privacy had been lost through the TalkTalk hack, or the value of that data. She wanted to leave for another provider (and didn’t really care how well other providers protected data).
That made me wonder: Is it possible for any of us to be truly rational about our demand for privacy any more?
And if we can no longer realistically have any control over our digital identity and data, then what’s an appropriate level of compensation? Access to a website? 10% off our first shop? A free upgrade?
Not only are we myopic about privacy, we’re fairly cheap dates too.