Abstract
‘Choice architects’ are responsible for designing environments that guide decision-making, and thus must consider the inherent tradeoffs that accompany every choice. This examination of privacy decision-making places privacy considerations into context, and accordingly recommends a method (signal detection theory) for choice architects to define and weigh the tradeoffs ingrained in private and public situations in order to design decision environments that are reflective of their respective costs and benefits.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
"When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else." - David Brin.
1 Introduction
From the onboarding flow of an app to the layout of a school cafeteria, and from the courtroom to the emergency room waiting area, the world is governed by ‘choice architects’. Choice architects can be policymakers, teachers, physicians, lawyers, parents, or anyone with the power to decide how decision environments are designed. A website developer is a choice architect when she decides how to lead users to sign up for a mailing list, just as a primary care physician is a choice architect when she decides how to present different treatment options to her patients. And whether or not these choice architects are aware of the impact of their choices, they set the stage for the behavior of others.
Choice architects determine many features of decision environments, one of which is its level of privacy. When deliberating the level of privacy warranted by a given situation, choice architects must determine which aspects of the situation to take into account. How should privacy be considered, on a personal and societal level? In an era of big data, information sharing, increasing digital presence and evolving social norms, discussions of privacy are more complicated now than ever. When the level of privacy increases, the corresponding level of transparency decreases, and vice versa. Determining the right level of privacy versus transparency is difficult, complex, and varies from domain to domain and situation to situation. Aside from cultural differences in privacy preferences [1] — for example, the Chinese tend to be less forthcoming on the topic of sex, whereas Americans tend to be relatively tight-lipped about their finances [2, 3] — there are also wide-ranging individual differences in the preference for privacy, where some people are generally more open to sharing than others [4], and situational differences where the same person may prefer more privacy in one context than another [5, 6]. Not to mention, as David Brin’s remark above illustrates, different standards are often imposed on others that are not imposed on the self [7]. Moreover, as this article will reveal, the motivational properties of transparency can have a profound influence on human behavior, an attribute that must be incorporated in any discussion weighing the tradeoffs of privacy and transparency.
As neither perfect privacy nor perfect transparency are achievable—or even desirable—what, then, is the right level of privacy? Where is the ideal position on the privacy-to-transparency continuum? (See Fig. 1).
Continuum of Complete Privacy (left) to Complete Transparency (right)
2 The importance of context
No level of privacy can be ideal for every situation, so choice architects must understand the relevant context of each particular situation in order to determine its appropriate level of privacy. Relevant contextual factors may include, for example, what will be done with the information being revealed, or with whom it is being shared. A young professional may not care if Google knows that she is shopping for adult toys online, but may care a great deal if her colleagues see her leaving the neighborhood adult toy store. Or consider the patient who prefers that his medical record be hidden from the general public but easily accessible to his physician. When the emergency team prepares to resuscitate him, shouldn’t they be able to determine quickly whether he is allergic to the treatment that they are about to administer?
Moreover, the ideal level of privacy cannot be determined without accounting for the particular aspect of life under consideration. Different privacy preferences may emerge in the context of food, parenting, social relationships, or how money is saved and spent. One may prefer more or less privacy in the context of their romantic and sexual life, how their time is spent, or even the organizations they support. Determining the appropriate level of privacy becomes even more complex when context is considered, as every new context presents the opportunity for many potential tradeoffs worth considering in turn.
3 Tradeoffs inherent
There are tradeoffs (costs and benefits) that arise from each decision relating to privacy [8]. In attempting to locate the ideal position on the privacy-to-transparency continuum, choice architects must take into account the pros and cons of each decision. As with all tradeoffs, those relating to privacy imply that when gains are made in one aspect, losses are often suffered in another.
One approach to understanding tradeoffs relates to how one side of a decision can be a benefit to one party, but a cost to another. This is the case, for example, when one party has information that, if disclosed, could have a disproportionate effect on one party over the other. Imagine a married woman who is looking to further her career in a new job, and has recently discovered that she is pregnant. She understands that it is illegal for employers to base their hiring decisions on gender or pregnancy status, but she also realizes that, in reality, this kind of discrimination is sadly commonplace [9, 10]. Indeed, when identical résumés are evaluated (aside from the name or photo of the applicant so that gender can be inferred), females are consistently rated lower than males, and are offered lower starting salaries and support [11, 12]. In fact, even married women are at a disadvantage compared to unmarried women seeking employment [13]. In light of this disadvantage, and in order to protect herself from discrimination, she conceals the fact that she is female, married, and pregnant from new potential employers by only applying to companies that consider résumés blind (with names redacted). She plans to tell her new employer about her pregnancy as soon as she accepts their job offer.
Consider the perspective of the other side of this situation: the employer’s. He cares about his employees’ privacy, and is a conscientious, equal opportunity employer (after all, this is why he has instated the policy of redacting names from résumés when considering applicants). He treats all of his employees well, and rewards them with generous vacation and maternal/paternal leave policies. However, he runs a small company that barely breaks even each month, and must be strategic about how he spends money in order to stay afloat. Each time he hires a new employee, he budgets a substantial amount of money into that additional salary at the expense of other investments. As such, if he were to hire someone who was unable to function in their role immediately upon hiring them, he would benefit from the ability to plan for their absence. That is, he would benefit from knowing that the applicant is pregnant.
In this situation, privacy is most likely to favor the applicant while transparency is most likely to benefit the employer. Both perspectives have legitimate concerns and interests, and neither side has a trace of malicious intent. Yet each side experiences a tradeoff in terms of the chosen level of privacy versus transparency.
There are also cases where tradeoffs may not occur across different agents in one scenario, but across different points in time (or even the same point in time) for the same agent. For example, the woman may be more likely to secure a job if she doesn’t disclose her pregnancy to interviewers, but if she were hired she may then suffer a lack of trust in her new position; her unwillingness to disclose her pregnancy may be interpreted negatively by her supervisor and coworkers, and she may have a difficult time integrating into her new work environment. Indeed, those who hide information (no matter whether the hidden information reflects well or poorly on them) are judged more negatively than those who disclose [14]. Depending on, for example, how long the employee intends to stay in this job, the tradeoff between transparency and privacy may look different for someone planning for the short-term (where reputation may play less of a role) than someone planning for the long-term (where reputation may have long-lasting consequences). In this case, the same decision has both costs and benefits to the same party.
4 Signal detection theory as a means of considering tradeoffs
The situations described involve inherently complex trade-offs and a degree of uncertainty, and Signal Detection Theory [15] has proven to be a useful framework for analyzing such problems. The application of signal detection theory highlights that every decision has both advantages and disadvantages, that every choice involves tradeoffs. The model aids in the definition of these tradeoffs as a first step toward ultimately weighing them against one other.
There are two kinds of errors that emerge from signal detection theory: Misses and False Alarms. To recycle a classic example, a “Miss” is akin to failing to detect something (such as a tumor) that is present when screening for it, whereas a “False Alarm” describes the detection of a tumor that isn’t really there (see Table 1). Once Misses and False Alarms are identified for any particular situation, choice architects can begin to better assess the pros and cons, compare the tradeoffs, and select the best route.
In the signal detection theory model, it is assumed that there is a fixed ideal state of the world, and this assumption is compared to two potential outcomes. For the theory to be applicable, there must be a degree of uncertainty about the ideal state of the world. The government’s decision is based on the imperfect information in its possession, where the “signal” (the true ideal state of the world) is often difficult to detect through the “noise” (incorrect information about the ideal state of the world). Occasionally, and despite their best efforts, choice architects inadvertently misidentify the noise as signal and are faced with a Miss or False Alarm. The role of a choice architect is to correctly detect signals and therefore avoid Misses and False Alarms (Table 1).
Consider, for example, one small but significant slice of life: the amount of taxes that citizens pay. By defining and weighing the Misses and False Alarms related to transparency in taxation and privacy, signal detection theory can be used to evaluate the best approach in terms of what a choice architect (in this case, a government) does with this information. For this example, consider the two extreme ends of the privacy spectrum: publicly posting the tax returns of every citizen online for anyone to see (Publicly posting tax information is an approach taken by Scandinavian countries, and is a practice that even the United States has explored), or keeping this information entirely private, an individual’s tax information known by only the government and the individual. In this example, there are two possibilities of an ideal state of the world: where taxes are either posted publicly or kept private, and there are two potential outcomes: the government’s decision to either post taxes publicly, or keep them private (Fig. 2).
Continuum of Complete Privacy (left) to Complete Transparency (right) in Tax Information
Signal detection theory includes not only two types of errors (Misses and False Alarms, in red in Tables 1 and 2), but also two types of successes, where the choice architect’s decision aligns with the ideal state of the world: Hits and Correct Rejections (in blue in Tables 1 and 2). A “Hit” is when a signal is correctly identified, and a “Correct Rejection” is when the lack of a signal is correctly identified. Table 2 demonstrates two situations where the arbiters of tax privacy policy have made the right decision: where the ideal state of the world is to keep taxes private, and the government decides to keep them private (a Hit for Privacy), and where the ideal state of the world is to post taxes publicly, and the government decides to post them (a Correct Rejection for Privacy) (Table 2).
Table 2 also illustrates two situations where the government has made the wrong decision: where it is too open, and where it is too closed. In the first case, where the ideal state of the world is to keep taxes private, but the government posts them publicly (a Miss), the benefits of privacy are lost. And in the second case, where the ideal state of the world is to post taxes publicly, but the government keeps them private (a False Alarm), the benefits of transparency are lost.
If choice architects accept that they will find themselves in each of these four situations at one point or another (sometimes with a Hit or Correct Rejection, but inevitably also with Misses and False Alarms), then they can decide for each context-dependent decision whether the relative impact of a Miss is higher or lower than that of a False Alarm. Using this framework for considering the tradeoffs inherent in any particular situation, the government can ask which elements to consider as the benefits and costs of privacy, and which to consider as benefits and costs of transparency. When weighing their respective effects, the choice architect can then establish a tolerance level in order to guide decisions related to the desired privacy level to be established for each scenario.
This raises the question: what then, are the benefits and costs of privacy, and what are the benefits and costs of transparency? In order to properly weigh tradeoffs related to privacy and transparency, choice architects should consider the following potential benefits and costs of each, within the context of the situations before them.
5 The benefits of privacy
A recent study by the Pew Research Center in the United States found that the majority of American adults believe it unacceptable for their government to monitor the communications of American citizens. In the same study, 74% of respondents claim it is very important that they are in control of who can obtain information about them [16]. Thus, despite the ubiquity of privacy violations in the U.S. and abroad [17], as well as the “privacy paradox” [18] whereby consumers’ privacy preferences (in strong support of privacy) are misaligned with their behavior (where they often freely disclose their personal information), there is widespread support for the protection of personal privacy as a matter of public interest.
Moreover, privacy protections are legion. Such protections are governed by regulatory institutions in the United States such as the Federal Trade Commission (with its Fair Information Practice Principles, or FIPPs), as well as through legislation such as the Health Insurance Portability and Accountability Act (HIPAA) passed by US Congress in 1996, or the Health Information Technology for Economic and Clinical Health (HITECH) Act, encompassed within the American Recovery and Reinvestment Act of 2009. Internationally, privacy protections are no less common; the Organisation for Economic Cooperation and Development (OECD) created the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980, the European Union published a Data Protection Directive, and the United Nations released its Universal Declaration of Human Rights in 1948, which states that “no one shall be subjected to arbitrary interference with his privacy” (UDHR, Article 12). In academic research, the privacy of study participants is protected by experimenters and overseen by an Institutional Review Board (IRB) that regulates the conduct of researchers in order to protect the interests of participants. One can debate at length the merits, flaws, and efficacy of these respective agencies and policies, or to what extent such systems are operating to their desired effects, but the primary point is that all have been put in place with the stated intention of protecting personal privacies. Given this, one can conclude that privacy is, at the very least, an issue of significance among international governments and institutions. And they are not mistaken in their mission; there are many benefits of privacy. Privacy promotes the protection of human rights, defends from identity theft and related crimes, prevents national security threats, and preserves the right to choose freely. Even more, privacy affords the ability to hide one’s flaws and embarrassing secrets, providing one with the feeling of comfort, assurance, and control.
When the benefits of privacy are lost (a Miss) – when the ideal state of the world is private, but information becomes public, such as in the leaking of a celebrity’s personal sex tape, it is difficult to see the positive side. The benefits of this type of personal privacy appear clear and incontrovertible, and the literature in its defense so expansive [19, 20] that the authors will not attempt to recreate those arguments here. Rather, we turn our focus to the costs of privacy and the complementary benefits of transparency. Importantly, we consider the behavioral effects associated with privacy and transparency, and suggest that these behavioral influences be included as inputs into a choice architect’s model for evaluating privacy decisions.
6 The costs of privacy
Under the protection of privacy, individuals can more easily escape responsibility and accountability for their actions. One can arrive home from work, crumple into the couch, and watch reruns on Netflix without any judgment from the outside world. And yet, there are disadvantages to the unbridled protection of privacy. When banks respect privacy to the extreme, for example, it sets up an invitation for tax evasion, money laundering, and a profusion of financial mischief that could otherwise be prevented by regulators. As former Nebraskan senator Robert Howell noted in the early twentieth century, “secrecy is of the greatest aid to corruption.”
The corrupting feature of privacy is illustrated in Plato’s story of the ring of Gyges, which granted invisibility to its owners. Under the cloak of anonymity, those who wore the ring would use their power to take advantage of others. The invisibility transformed honest people into thieves, as they could not get caught for their bad deeds (see [21]). In this vein, de-individuation, or the displacement from one’s identity, can lead to disinhibition and increased antisocial behavior [22,21,22,23,26]. Such disinhibition is often seen in modern times with internet commenting, for example, where harassment is more common when people can post anonymously, detached from their identity and far removed from personal accountability [27, 28]. In cases like these, where privacy encourages misbehavior, it may be wise for choice architects to consider the benefits of transparency over privacy.
7 The benefits of transparency
When an action is transparent, and can therefore be seen by others, various behavioral effects surface. A few years ago, one of the authors (we won’t disclose which, to protect his privacy) was in Soweto, South Africa, and noticed a father buying a month’s worth of funeral insurance. When the man received the certificate, he ceremoniously accepted it and handed it to his son with great care and meaning. This was an elaborate ritual based on a forward-thinking investment, and demonstrated that he, like many providers, receive appreciation from their families when they engage in visible, transparent actions like this, where their families can plainly see their contribution.
When purchases are made transparent to others — and if these purchases are beneficial to the recipients — the giver is more likely to be rewarded with appreciation and admiration. On the other hand, when actions are private, these actions are less likely to be recognized. When someone plans for retirement or contributes money to a savings account, for example, these acts are largely private, and therefore less likely to be met with appreciation. While this phenomenon is clearly not confined to the village of Soweto, the father’s act is a poignant illustration of how one can turn an invisible, private activity (like getting insurance) into a visible, transparent activity that can be more easily recognized.
By turning private activities into transparent activities, there is not only a reward for engaging in those activities, but people may be more likely to perform those behaviors as a result of the positive reinforcement they receive from others [29]. In a panel conversation (NEJM Catalyst event Patient Engagement: Behavioral Strategies for Better Health, 2016) on the topic of privacy in relation to social incentives that could benefit from a greater degree of transparency, Professor David A. Asch [30] mentioned that he takes his medication in the bathroom, alone, when he brushes his teeth, but notes that his adherence might be improved if he were to move his medication to the kitchen where his medication-taking would be more social, reinforced by the approving gaze of family members. By adding a visible social element to the activity, he suspects, he may be more motivated to take his medication as prescribed. Asch and colleagues argue for incorporating social aspects into home-based medical care as a form of “automated hovering” [31] as a complement to patients’ intrinsic motivation. Not to mention, the concept of social influence is one deeply rooted in the study of human psychology, emerging time and time again in the vast body of literature on behavior change (for an overview, see [32, 33]) which reveals that people are swayed by those that surround them as they seek implicit and explicit approval from others. Harkening back to our discussion of the importance of context, the social-environmental approach to health behavior change adds an ecological element to health promotion [34], highlighting the placement of a person within their full environmental context, including not only biological factors but also “social and familial relationships, environmental contingencies, and broader social and economic trends” [34]. Although the power of social influence is well-established in academic literature, and the fact that people rely on others for cues about how to behave is beginning to be incorporated into the common lexicon, there are still far too few applications of social, transparent activities as a means of encouraging positive behavior [35]. Asch’s medication-taking anecdote is just one example of social visibility having the potential to contribute to the greater good, where the opportunity for a positive feedback loop [36] is high: by turning private activities into transparent activities, they become social and rewardable, and this reinforcement makes people more likely to continue the cycle and persist in the positive behavior. More generally, Asch’s reflection on his medication adherence demonstrates that there are behavioral effects that stem from a situation’s level of privacy and transparency. Greater transparency has been argued for in many domains beyond health, from the terms and conditions of employment [37, 38] and pay [39] to international investments [40]. Regardless of the domain under consideration, the level of transparency has a notable effect on human behavior.
8 Competition as an effect of transparency
One notable behavioral effect of a situation’s level of transparency is that of competition. When activities become less private and more transparent, the ability to compete is introduced. And while there are two sides to the competition coin (dependent on context), first consider saving behavior as an example of the positive side of competition. Years ago, and to this day in some developing agricultural societies, families saved by buying livestock as buffer stock for a rainy day [41, 42]. When families incrementally acquired more wealth, they would buy another goat, and their neighbors could see the savings they were accumulating. Because the saving was transparent, people were able to compete on this dimension and encourage others to build up their savings to likewise prepare for an unexpected financial shock. Whereas transparent actions allow for competition, private actions do not. In modern developed societies, money is more likely to be saved privately (in intangible digital forms) rather than the more public (and tangible) form of cattle and goats. As a consequence, most people don’t know how much others save (if anything), and therefore are unable to compete on saving. Instead, they are left to compete on aspects that are observable, which are more likely to be spending.
9 The costs of transparency
And people are quite talented when it comes to competing on spending. Paradoxically, the same transparency that can encourage competition in saving (for good) can also lead to competition in spending (which is rarely in one’s long-term best interest). Importantly, increased spending — as an effect of transparency-induced competition — is a cost of transparency because it leads to negative outcomes such as unhappiness and bankruptcy. Recent research shows a relationship between income inequality and increased spending, by the rich and — perhaps more surprisingly — also by their non-rich neighbors. When non-rich households are exposed to the higher incomes of their neighbors, they tend to save less, take on more debt, and wind up with greater financial difficulty [43]. In fact, the mere perception of others having higher incomes in one’s social circles leads to an average 10% rise in borrowing [44]. And in cases where people win the lottery, every 1% increase in the lottery prize leads to a 0.04% rise in bankruptcies of the lottery-winner’s neighbors [45]. Conspicuous consumption, or the tendency to flaunt one’s purchases of luxury goods and visible excess [46], is what drives these increases in spending; when spending is transparent, it fuels people to compete, spending above and beyond their means.
The impact of increased spending takes a toll on emotional factors in additional to financial factors. As income rises, the additional utility of each dollar diminishes [47]. There is a diminishing marginal return of money spent on happiness purchased [48,46,50], as shown in the figure below (Fig. 3).
Diminishing marginal return of money spent on happiness purchased
Moreover, a person’s happiness depends, to a large degree, on how much money other people have. Contentment with life comes from one’s relative, not absolute, position in society [51,49,50,54]. And how people feel is largely based on which direction they are looking for comparisons [55,53,57]. Upward social comparisons, where people compare themselves to their more fortunate peers, make people unhappy and motivate them to move upward [58], whereas downward social comparisons, where people compare themselves to those less fortunate, give them a happiness boost and motivate them to ensure that those beneath them remain below [59]. In order to suppress the unhappiness that comes from the natural tendency for upward social comparisons, people do everything in their power to move up the ranks. This “positional treadmill” [60] motivates people to continue pushing forward without gaining any ground, leading to the many perverse consequences of competition [61]. As long as one’s relative position in society is transparent (rather than private), the treadmill effect remains strong. As such, the behavioral costs of transparency include not only the negative effects of increased spending behavior, but also the subjective assessment of well-being.
Given the tendency for people to compare themselves to others on dimensions that are observable, deciding which parts of life to make transparent and which to make private has important implications for creating a healthier society. When choice architects consider the costs and benefits of making one dimension private or transparent, an important element in the equation is whether the selected dimension is one in which competition is desirable. Considered through the lens of signal detection theory, the Misses and False Alarms can be defined: When spending information is made public but should have remained private, it is a Miss, and when saving information is made private but should have remained public, it is a False Alarm. If the choice architect aims for Hits and Correct Rejections, then they may wish to encourage the practice of saving by making the activity more visible, and may want to discourage spending practices by making it less visible. In this way, choice architects can work toward replacing conspicuous consumption with salient saving.
10 Conclusion: Rethinking privacy tradeoffs
Selecting the right degree of privacy involves myriad considerations that are merely touched upon here. This article skims the surface of contextual issues, only begins to weigh the behavioral consequences of the chosen level of privacy, and just broaches the topic of weighing tradeoffs. Nevertheless, the framework presented in this discussion can be applied to many situations.
The authors ignore the most commonly debated privacy tradeoffs, such as those between convenience and privacy (i.e., Facebook’s tailored newsfeed, which automatically presents users with stories most relevant to them), the tradeoff between personalization and privacy (i.e., Google’s targeted messages or optimized search results), the tradeoff between security/safety and privacy (i.e., police wearing cameras to keep them accountable for their actions and preserve an objective history, or cameras that capture crimes taking place), or even the tradeoff between the greater societal good and personal privacy (i.e., potential longer-term societal benefits of sharing health data, personalized medicine) — these values have been the focal point for much discussion about privacy tradeoffs.
Yet, as it has been unraveled in this article, these are not the only privacy tradeoffs to consider. There are numerous benefits and costs related to both privacy and transparency in different contexts, and these tradeoffs often have behavioral ramifications. The transparency of actions, for example, sets the stage for a variety of human motivations, including the allure of competition. In designing decision environments, therefore, the burden is on choice architects to consider context-dependent benefits and costs associated with privacy and transparency, and to use these as inputs within a framework — such as signal detection theory— in order to weigh the inherent tradeoffs and form an optimal solution. And if there are certain aspects of life where choice architects may wish to foster competition (as in the example of saving versus spending), then that behavior should be made transparent. If choice architects tap into the benefits of transparency, and thoughtfully incorporate the motivational effects of transparency into decisions about the ideal level of privacy and transparency, they may make more informed privacy decisions.
References
Moore B. Privacy: studies in social and cultural history. Armonk: E. Sharpe; New York: Distributed by Pantheon Books; 1984.
Zhou YR. Changing behaviours and continuing silence: sex in the post-immigration lives of mainland chinese immigrants in Canada. Cult Health Sex. 2012;14(1):87–100.
Wells Fargo. Financial health. 2014 Retrieved from https://www.wellsfargo.com/about/press/2014/20140220_financial-health/.
Iachello G, Hong J. Understanding users' privacy preferences. Foundations and Trends in Human-Computer Interaction. 2007;1(1):1–137.
John LK. The consumer psychology of online privacy: insights and opportunities from behavioral decision theory. In: Norton MI, Rucker DD, Lamberton C, editors. The Cambridge Handbook of Consumer Psychology. New York: Cambridge University Press; 2015.
John LK, Acquisti A, Loewenstein G. Strangers on a plane: context-dependent willingness to divulge sensitive information. J Consum Res. 2011;37(5):858–73.
Brin D. The transparent society: will technology force us to choose between privacy and freedom? Cambridge: Perseus Press; 1999.
Laufer RS, Wolfe M. Privacy as a concept of a social issue: a multidimensional developmental theory. J Soc Issues. 1977;33(3):22–42.
Blau, F., Ferber, M., & Winkler, A. (2010). Differences in occupations and earnings: the role of labor market discrimination. The Economics of Women, Men and Work. New Jersey: Prentice-Hall, 228-279.
Darity, W., & Mason, P. (1998). Evidence of discrimination in employment: codes of color, codes of gender. The Economics of Women, Men, and Work (6th international ed.). Harlow: Pearson Education.
Marlowe CM, Schneider SL, Nelson CE. Gender and attractiveness biases in hiring decisions: are more experienced managers less biased? J Appl Psychol. 1996;81(1):11.
Moss-Racusin CA, Dovidio FF, Brescoll VL, Graham MJ, Handelsman J. Science faculty’s subtle gender biases favor male students. Proc Natl Acad Sci. 2012;109(41):16474–9.
Donato KM, Piya B, Jacobs A. The double disadvantage reconsidered: gender, immigration, marital status, and global labor force participation in the 21st century. Int Migr Rev. 2014;48:S335–76.
John LK, Barasz K, Norton MI. Hiding personal information reveals the worst. Proc Natl Acad Sci U S A. 2016;113(4):954–9.
Tanner WP Jr, Swets JA. A decision-making theory of visual detection. Psychol Rev. 1954;61(6):401–9.
Pew Research Center. Americans’ views on government surveillance programs. 2015 Retrieved from: http://www.pewinternet.org/2015/03/16/americans-views-on-government-surveillance-programs/
Mathews R. On protecting & preserving personal privacy in interoperable global healthcare venues. Health Technol. 2016;6(1):53–73.
Norberg PA, Horne DR, Horne DA. The privacy paradox: personal information disclosure intentions versus behaviors. J Consum Aff. 2007;41(1):100–26.
Bennett CJ. In defence of privacy: the concept and the regime. Surveill & Society. 2011;8(4):485.
Murphy RS. Property rights in personal information: an economic defense of privacy. Geo LJ. 1995;84:2381.
Allen, RE. The republic (Vol. 5). Yale University Press. 2006.
Diener E. Deindividuation, self-awareness, and disinhibition. J Pers Soc Psychol. 1979;37(7):1160.
Gergen K, Gergen M, Barton WH. Deviance in the dark. Psychol Today. 1973;7(5):129–31.
Johnson RD, Downing LL. Deindividuation and valence of cues: effects on prosocial and antisocial behavior. J Pers Soc Psychol. 1979;37(9):1532–8.
Kieseler S, Sproull L. Group decision making and communication technology. Organ Behav Hum Decis Process. 1992;52:96–123.
Nadler A, Goldberg M, Jaffe Y. Effect of self-differentiation and anonymity in group on deindividuation. J Pers Soc Psychol. 1982;42(6):1127–36.
Kiesler A, Siegel J, McGuire TW. Social psychological aspects of computer-mediated communication. Am Psychol. 1984;39(10):1123–34.
Santana AD. Virtuous or vitriolic: the effect of anonymity on civility in online newspaper reader comment boards. Journal Pract. 2014;8(1):18–33.
Stipek, D. J. Motivation to learn: from theory to practice. 1993.
Asch, DA. Patient engagement: behavioral strategies for better health at the University of Pennsylvania, NEJM catalyst event. 2016. Retrieved from http://catalyst.nejm.org/videos/social-incentives-privacy-removing-friction/
Asch DA, Muller RW, Volpp KG. Automated hovering in health care—watching over the 5000 hours. N Engl J Med. 2012;367(1):1–3.
Cialdini RB, Goldstein NJ. Social influence: compliance and conformity. Annu Rev Psychol. 2004;55:591–621.
Turner JC. Social influence. Milton Keynes: Open University Press; 1991.
Smedley BD, Syme SL. Promoting health: intervention strategies from social and behavioral research. Am J Health Promot. 2001;15(3):149–66.
Cialdini RB. Basic social influence is underestimated. Psychol Inq. 2005;16(4):158–61.
Aknin LB, Dunn EW, Norton MI. Happiness runs in a circular motion: Evidence for a positive feedback loop between prosocial spending and happiness. J Happiness Stud. 2012;13(2):347–55.
Estlund, CL. Just the facts: the case for workplace transparency. 2009.
Irlenbusch B, Sliwka D. Transparency and reciprocal behavior in employment relations. J Econ Behav Organ. 2005;56(3):383–403.
Estlund C. Extending the case for workplace transparency to information about pay. UC Irvine Law Rev. 2014;4:781.
Gelos, R. G., & Wei, S. J. Transparency and international investor behavior (No. w9260). National Bureau of Economic Research. 2002.
Binswanger HP, McIntire J. Behavioral and material determinants of production relations in land-abundant tropical agriculture. Econ Dev Cult Chang. 1987;36(1):73–99.
Herskovits MJ. The cattle complex of East Africa. Am Anthropol. 1926;28(3):494–528.
Bertrand M, Morse A. Trickle-down consumption. Rev Econ Stat. 2013;98(5):863–79.
Georgarakos D, Haliassos M, Giacomo P. Household debt and social interactions. Rev Financ Stud. 2014;27(5):1404–33.
Agarwal S, Mikhed V, Scholnick B. “Does inequality cause financial distress? Evidence from lottery winners and neighboring bankruptcies.” Working Paper; 2016.
Veblen T. The theory of the leisure class. New York: The New American Library; 1899.
Bernoulli D. Exposition of a new theory on the measurement of risk. Econometrica. 1954;22:23–36.
Diener E, Biswas-Diener R. Will money increase subjective well-being? Soc Indic Res. 2002;57(2):119–69.
Frey BS, Stutzer A. What can economists learn from happiness research? J Econ Lit. 2002;40(2):402–35.
Veenhoven R. Is happiness relative? Soc Indic Res. 1991;24(1):1–34.
Duncan OD. Does money buy satisfaction? Soc Indic Res. 1975;2:267–74.
Boyce CJ, Brown GD, Moore SC. Money and happiness: rank of income, not income, affects life satisfaction. Psychol Sci. 2010;21(4):471–5.
Clark A, Friiters P, Shields M. Relative income, happiness, and the Easterlin paradox and other puzzles. J Econ Lit. 2008;46(1):95–144.
Easterlin R. Will raising the incomes of all increase the happiness of all? J Econ Behav Organ. 1995;27:35–47.
Buunk BP, Gibbons FX. Health, coping, and well-being: perspectives from social comparison theory. NJ: Lawrence Erlbaum; 1997.
Buunk BP, Collins RL, Taylor SE, Van Yperen NW, Dakof GA. The affective consequences of social comparison: either direction has its ups and downs. J Pers Soc Psychol. 1990;59:1238–49.
Suls JM, Wills TA. Social comparison: contemporary theory and research. Hillsdale: Lawrence Erlbaum; 1991.
Salovey P, Rodin J. Some antecedents and consequences of social-comparison jealousy. J Pers Soc Psychol. 1984;47:780–92.
Wills TA. Downward comparison principles in social psychology. Psychol Bull. 1981;90:245–71.
Frank, R.H. (1985). Choosing the right pond: human behavior and the quest for status. Oxford University Press.
Frank, RH. (2012). The Darwin economy: liberty, competition, and the common good. Princeton University Press.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Funding
There is no funding source.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
This article is part of the Topical collection on Privacy and Security of Medical Information
Rights and permissions
About this article
Cite this article
Ariely, D., Holzwarth, A. The choice architecture of privacy decision-making. Health Technol. 7, 415–422 (2017). https://doi.org/10.1007/s12553-017-0193-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12553-017-0193-3