Abstract
With heightened concerns regarding user privacy, there is a recent movement for empowering consumers with the ability to control how their private data are collected, stored, used and shared. Notably, between 2018 and 2020, the General Data Protection Regulation (GDPR) has been implemented in the European Union (EU), and the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have been implemented/passed in the state of California in the United States. These regulations address both consumer data security and consumer privacy rights. In this monograph, we provide an overview of some of the key issues that are in play in consumer privacy and in empowering consumers with rights to manage the privacy of their data, viewed primarily in the context of online advertising-related actions of firms. The recent academic work on these topics already provides some important takeaways. Empirical studies, broadly speaking, show that fewer consumers share data with firms post-regulation and this leads to worse personalized marketing, i.e., the firms are at a handicap. Theoretically, a primary insight is that privacy regulations on using data affect the advertising/targeting layer directly and the product/pricing layer directly and/or indirectly; broadly speaking, consumers make data sharing choices by balancing the intrinsic and instrumental values of sharing data, and privacy regulations can generally be expected to benefit consumers at the expense of firms. We also discuss how consumers’ understanding of firms’ privacy policies and their impact can be enhanced, which is important for regulations to have their intended impact. We briefly discuss the development of privacy-preserving mechanisms for targeted advertising, industry interest in and adoption of which has been recently enhanced due to new regulations. We conclude with a discussion and lay out some directions for future research.