Dr. V.

Sridhar
Professor
International Institute of Information Technology Bangalore, India
vsridhar@iiitb.ac.in
www.vsridhar.info

1
 Why is privacy management hard?

Acquisti, A., Brandimarte, L., & Loewenstein, G. (2020). Secrets and likes: The drive for privacy and the difficulty of achieving
it in the digital age. Journal of Consumer Psychology, 30(4), 736-758.

Some cartoons taken from: https://teachprivacy.com/store/product/cartoon-gdpr-compliance/

License Disclosure: Use in 1 Conference Presentation or Academic Class.

PDA 10-Aug-23 2
Take this Survey

PDA 10-Aug-23 3
 Information Asymmetry
• Consumers are unaware of the diverse ways firms
collect and use their data
• Consumers cannot respond to risks they are
unaware of
• Increases firms’ ability to collect and use consumer
information

PDA 10-Aug-23 4
Psychological Factors

● Bounded Rationality
○ Consumers lack the processing
capacity to make sense of the
complexities of the information
environment
■ Few read, or even could make
sense of, privacy policies
■ Writing policies using
sophisticated, legalistic terms
that obscure the central issues

PDA 10-Aug-23 5
Psychological Factors…

● Present bias (hyperbolic

discounting) -> 1 / (1 + k)t
○ Overemphasizing immediate, and
under-weighing delayed, costs and
benefits
■ Consumers will incur long-
term costs in exchange for
small immediate benefits
● Instant gratification
■ Offering small benefits in
exchange for consumer data
sharing
PDA 10-Aug-23 6
PDA 10-Aug-23 7
Psychological Factors…

● Constructed Preferences
○ Uncertainty about one’s preferences leads people to rely on crude decision
heuristics
■ Dilemma with the trade-offs
■ Sticking with default privacy settings
■ Setting defaults that are advantageous to the firm rather than to the
Consumer

● Illusory
○ The feeling (often illusory) that one is in control of a situation leads to
increased risk-taking

■ Provide consumers with more granular privacy controls to

encourage disclosure
PDA 10-Aug-23 8
PDA 10-Aug-23 9
Psychological Factors…

● Herding
○ The tendency to imitate the behavior of other people
■ Consumers share more when they see others sharing more on social media
■ Provide social media feeds that convey a maximal sense of others’ sharing

● The drive to share

○ The powerful drive to share information, including personal information
○ Sharing of highly private, or even incriminating, information (e.g., on social
media)

PDA 10-Aug-23 10
Privacy Principles for Data Fiduciary
Lawfully

Fairly

Transparent
Explicit
Purpose
Legitimate

Principles Adequate

Minimization Relevant

Limited to
Accuracy
Purpose

Retention
Storage Limit
Erasure
Integrity

Accountability

PDA 10-Aug-23 11
Rights of the Data Subjects Purpose of Data
Right to be Informed Collection &
Processing

Right to Access

Right to Rectification

Data Subjects Right to Erasure/

Forgotten

Right to Restriction
of Processing

Notification
Obligation

Right to Portability

Right to Object

Not solely based on

Automated Decision
Collected Personal
Making
Data

PDA 10-Aug-23 12
Regulate?
Telegram Act 1885

IT Rules 2021

IT Act 2000 (2008)

Intermediary and Digital

India
Media Ethics Code 2021

Digital Law??
Protection Regulation
Privacy and Data

Aadhaar Regulations

General Data Protection

EU
Regulation 2016

Privacy Act 1974

Gramm-Leach-Bliley Act
1999

USA
Health Insurance Portability
and Accountability Act
(HIPAA) 1996

California Consumer
Privacy Act 2018

PDA 10-Aug-23 13
 What are the Fixes? Do they work?

Some cartoons taken from: https://teachprivacy.com/store/product/cartoon-gdpr-compliance/

License Disclosure: Use in 1 Conference Presentation or Academic Class.

PDA 10-Aug-23 14
PDA 10-Aug-23 15
PDA 10-Aug-23 16
 License: Use in 1 Conference Presentation or Academic Class, Please Contact Us for pricing for organizational and all other uses.

PDA 10-Aug-23 17
PDA 10-Aug-23 18