Blockchains and the GDPR pursue similar objectives where they seek to grant users greater control over their personal data. While the latter pursues this goal by imposing duties of care to centralised controllers and collectors of data, blockchains go a step beyond by trying to eliminate these...

Economics offer different but complementary approaches to understanding privacy and security. For this inaugural contribution to the new In Our Orbit department, I was asked to explain briefly their methodological differences and similarities, and why they matter in our thinking about security...

Various identity management solutions are emerging in different jurisdictions, with the goal of creating a unified and privacy-preserving identity management system bridging the offline with the online. Within this trend, the concept of self-sovereign identity has re-emerged. It is a concept...

Companies are under an increasing pressure by policy makers to publicize data breaches. Such notification obligations require announcing the loss of personal data collected from customers, because of hacker attacks or other incidents. While notification is likely to impact on firms' reputation,...

Breaches of the security of personal data collected by firms are reported almost daily. Companies are under an increasing political pressure to notify individuals whose privacy as been breached. At the moment, we know virtually nothing about the behavioral impact of data breach notifications. We...

We analyze personal data protection laws in the United States through the lenses of the economic theories of ex ante safety regulation, ex post liability and information disclosure. Specifically, we consider and contrast how legal and economic theories interpret privacy costs and the remedies to...

Privacy and security tools can help users protect themselves online. Unfortunately, people are often unaware of such tools, and have potentially harmful misconceptions about the protections provided by the tools they know about. Effectively encouraging the adoption of privacy tools requires...