Data Protection and Empowering Users to Control Data
This paper examines a monopolist platform's data strategy comprising of data collection and data protection under two different data ownership regimes: one, where users have no control over the amount of data shared with the platform, and the other, where users can set privacy controls, and also, considers the welfare implications of introducing a minimum data protection regulation. Our results highlight that i) empowering users leads to a sub-optimal level of data collection and protection, and ii) combining minimum data protection with empowering users to control data can better achieve the regulator's objective of enhancing consumer welfare