Telecommunications Policy 38 (2014) 1134–1145

Contents lists available at ScienceDirect

Telecommunications Policy
URL: www.elsevier.com/locate/telpol

Big data's impact on privacy, security and consumer welfare

Nir Kshetri n
Bryan School of Business and Economics, The University of North Carolina at Greensboro, Bryan Building, Room: 368, P.O. Box 26165,
Greensboro, NC 27402-6165, USA

a r t i c l e in f o abstract

Available online 14 November 2014 The purpose of this paper is to highlight the costs, benefits, and externalities associated
Keywords: with organizations' use of big data. Specifically, it investigates how various inherent
Big data characteristics of big data are related to privacy, security and consumer welfare. The
Externalities relation between characteristics of big data and privacy, security and consumer welfare
Privacy issues are examined from the standpoints of data collection, storing, sharing and
Security accessibility. The paper also discusses how privacy, security and welfare effects of big
Personally identifiable information data are likely to vary across consumers of different levels of sophistication, vulnerability
Consumer welfare and technological savviness.
Unstructured data
& 2014 Elsevier Ltd. All rights reserved.

1. Introduction

Advancements in telecommunications and computer technologies and the associated reductions in costs have led to an
exponential growth and availability of data, both in structured and unstructured forms. The related phenomenon known as
big data involves various costs, benefits and externalities. Before proceeding, a clarifying definition is offered. Following the
research company Gartner, big data is defined as “high-volume, high-velocity and high-variety information assets that
demand cost-effective, innovative forms of information processing for enhanced insight and decision making” (gartner.com,
2013). Owing to the increasing utilization of big data, it is understandable that there has been a high degree of interest on
this topic. It is argued that 2011 marks the year when big data gained widespread interest (Burrows & Savage, 2014).
Big data is becoming a key source of firms' competitive advantages and national competitiveness. For instance, McKinsey
Global Institute (2013) estimated that annual overall economic gains from big data would be US$610 billion in annual
productivity and cost savings. At the same time, big data's characteristics are tightly linked to privacy, security and effects on
consumer welfare, which have attracted the attention of scholars, businesses and policy makers. For instance, a huge
amount of data means that security breaches and privacy violations are likely to lead to more severe consequences and
losses via reputational damage, legal liability, ethical harms and other issues, which is also referred as an amplified technical
impact (ISACA, 2014). Second, a large proportion of big data entails high-velocity (fast) data such as those related to click-
stream and GPS data from mobile devices, which can be used to make a short-term prediction with high level of accuracies
(Taylor, Meyer, & Schroeder, 2014). Businesses' initiatives to collect such data have met stiff resistance from consumers
(Arthur, 2008; USA Today, 2012). Consumers have expressed growing concern over organizations' data collection methods,
especially the use of tracking technologies, such as cookies and GPS trackers (Table 1). Yet a number of companies are
engaged in questionable data collection and sharing practices. In 2012, a security blogger revealed that Nissan, without
warning the owners, reported location, speed and direction of its Leaf brand cars to websites that other users could access

n
Tel.: þ1 336 334 4530.
E-mail address: nbkshetr@uncg.edu

http://dx.doi.org/10.1016/j.telpol.2014.10.002
0308-5961/& 2014 Elsevier Ltd. All rights reserved.
 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145 1135

Table 1
Principal findings of surveys conducted with businesses and consumers regarding their perceptions of and responses to big data.

Survey conducted by Conducted/released in Sample Major findings

Surveys conducted among businesses

Software specialist, 2012 600 IT and business professionals Data security and privacy raised concerns for 38%
Informatica (Hernandez, 2012)
BARC Institute Second half of 2012 274 business/IT decision-makers 25% respondents expected to encounter data privacy issues
(Germany, Austria, Switzerland, (BARC Institute, 2013).
France, the U.K.)
Information Systems 2013 IT Risk/Reward 2013 Australian and New Zealand IT 5% said that their enterprises were “very prepared” to
Audit and Control Barometer professionals ensure effective governance and privacy. 45% reported
Association (ISACA) “adequately prepared” and 25% “not prepared at all” (CSO
Online, 2013).
Voltage Security April 2013 at InfoSecurity Over 300 senior-level IT and security 76% expressed concerns about inability to secure data in
Europe professionals big data initiatives.
56% reported that they could not start or finish cloud/big
data projects due to security concerns (darkreading.com,
2013).
SAP 2014 (at GSMA Mobile 300 mobile operators, fixed 38% said that security and privacy prevented their
World Congress 2014 in telecomm providers, over-the-top organizations from fully unlocking big data's potential
Barcelona, Spain) players and other executives (SAP, 2014).
Ovum (sponsored by Early 2014 500 IT decision-makers at mid- and 53% were concerned about the security issues in the big
data security firm large-sized organizations (the U.K., data environment (Savvas, 2014).
Vormetric) France, Germany)

Surveys conducted among consumers

Cable Forum 2008 Forum visitors 95% of the respondents said that they would opt out of
(cableforum.co.uk) monitoring (even anonymous) of online activities by a
third party (Arthur, 2008).
Pew Internet & 2012 (March 15–April 3). National survey among 2254 U.S. 30% of smartphone owners said that they turned off
American Life adults location tracking features due to concerns that others
Project. would access this information (USA Today, 2012).
BCG 2013 Global Consumer 10,000 consumers in 12 countries Privacy of personal data was a “top issue” for 75%. Only 7%
Sentiment Survey. were willing to allow their information to be used for
purposes other than it was originally collected (Rose,
Barton, Souza & Platt, 2013).
Ovum 2013 11,000 people across 11 countries 68% would use a do-not-track feature if it was easily
available on a search engine.
Only 14% believed Internet companies were honest about
the use of personal data (Coyne, 2013).

through a built-in RSS reader. Likewise, there are reports that iPhones and Android phones have been secretly sending
information about users' locations to Apple and Google (Cohen, 2013).
Third, data comes in multiple formats such as structured and unstructured. Of special concern is much of the
unstructured data such as Word and Excel documents, e-mails, instant messages, road traffic information and Binary Large
Objects (BLOBs) (e.g., multimedia objects such as images, audio and video), which is sensitive in nature and may contain
personally identifiable information (PII) and intellectual property (IP) (Kelley, 2008; Truxillo, 2013). To take an example, in
2010, an Italian court found three YouTube executives guilty of violating a child's privacy. The child had autism and was
shown being bullied in a YouTube video (Hooper, 2010).
In addition to privacy and security risks of high volume of data from multiple sources, complex data sharing and
accessibility-related issues arise in a big data environment. The existing non-big data security solutions are not designed to
handle the scale, speed, variety and complexity of big data. Most organizations lack systematic approaches for ensuring
appropriate data access mechanisms. The time-variant nature of data flow means that some of these issues are of more
significance during the peak data traffic. For instance, organizations may lack capabilities to securely store huge amounts of
data and manage the collected data during peak data traffic. A peak data flow may also increase the need for outsourcing to
cloud service providers (CSPs). Commenting on these complex challenges, the Commissioner of the U.S. Federal Trade
Commission (FTC) put the issue this way: “The potential benefits of Big Data are many, consumer understanding is lacking,
and the potential risks are considerable” (Brill, 2012, p. 1).
While prior researchers have suggested that big data has brought broad range and scale of ethical issues and questions
(Lane, Stodden, Bender, & Nissenbaum, 2014; Neuhaus & Webmoor, 2012; Nunan & Di Domenico, 2013; Tinati, Halford, Carr,
& Pope, 2014), little is known about the exact nature of these issues. The social and ethical issues are especially relevant due
to the underdeveloped regulations and regulatory infrastructure, which may give rise to consumer exploitation by
businesses. Whereas firms know a great deal about consumer tastes, price sensitivities and their distribution across the
population, most consumers generally lack awareness of various aspects of the firm offerings (Nevskaya, 2012). This
asymmetry may put consumers in a relatively disadvantaged position. Negative welfare effects are especially noted for poor,
1136 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145

unsophisticated and technologically less informed consumers. Some analysts have argued that firms' big data initiatives may
affect the welfare of low-income and minority consumers more negatively (Talbot, 2013).
The paper seeks to shed some light on this complex and puzzling issue. While privacy, security and consumer welfare
issues can be linked with collection, storing, analysis, processing, reuse and sharing of data, the paper analyzes the relation
between big data characteristics and privacy, security and consumer welfare from the standpoints of data collection, storing,
sharing and accessibility. As to the rationale of the focus on collecting and storing, most companies' involvement with big
data has been on these activities due to a steep decrease in the costs of collecting and storing data. In addition, since a key
concern has been with data sharing and accessibility, this paper's analysis also highlights how big data's characteristics are
linked with these issues. IBM's chief scientist of Context Computing Jeff Jonas noted that “[t]he biggest obstacle preventing
companies from taking full advantage of their data is likely outdated information-sharing policies” (Jonas, 2014, para 1).
This article contributes to the literature in at least two ways. First, it offers new insights into how different characteristics
of big data are linked to privacy, security and consumer welfare issues. Due primarily to the newness of this phenomenon,
these issues have not been well documented in the literature. A second contribution is to show how privacy, security and
consumer welfare aspects of big data are linked to collection-, storing-, sharing- and accessibility-related issues.
The paper is structured as follows. It proceeds by first reviewing the findings of surveys conducted to measure
businesses' and consumers' perceptions of and responses to big data. Then big data's costs, benefits and externalities are
analyzed. Next, big data's characteristics are discussed in relation to privacy, security and consumer welfare. It is followed by
a section on discussion and implications. The final section provides concluding comments.

2. Businesses' and consumers' perceptions of and responses to big data

Some representative surveys conducted in a range of countries to measure businesses' and consumers' perceptions of big
data are presented in Table 1. These surveys have indicated that a large proportion of organizations lack preparedness to
address security and privacy issues. Likewise, consumers have expressed concerns about the lack of honesty among
businesses and the potential misuse of personal information.
Despite tremendous economic benefits, big data is not taking off as rapidly as expected. According to an EMC-sponsored
study conducted by IDC, only 0.5% of the world's information was analyzed in 2012 (emc.com, 2012). Another study found
that only a third of the businesses differentiated big data from traditional non-big data, and used distinct tools and
management approaches. The survey also found that about 90% of respondents used conventional databases as the primary
means of handling data (Biddick, 2012). As surveys conducted by Voltage Security and others indicate, due primarily to
privacy and security concerns, organizations have reported a low level of preparedness in managing big data projects. They
have been unable to unlock and utilize big data's potential. Especially smaller firms find it more costly to gain from big data,
which is likely to produce a lead-lag effect between big and small firms.
The surveys have also found that consumers are concerned about potential abuses and misuses of personal data.
Especially businesses' initiatives to collect high-velocity data (e.g., click-stream, GPS data from mobile devices, and social
media usage) have met stiff resistance from consumers. A 2013 national survey conducted in the U.S. by the Pew Internet &
American Life Project found that a large proportion of respondents have taken actions such as turning off location tracking
features (Table 1). Likewise, in a survey conducted by the non-profit Cable Forum 95% of the respondents said they would
opt out of even anonymous monitoring of their online activities by a third party.
A key idea is that businesses store huge volume of personal data so that potential innovative uses can be discovered.
Mayer-Schönberger and Cukier (2013, p. 153) emphasize that “most innovative secondary uses haven't been imagined when
the data is first collected”. However, most consumers are against the secondary uses of their personal data (Table 1).

3. Benefits, costs, and externalities of big data

Crafting policy for big data requires that various costs, benefits and externalities be considered. Big data obviously has a
number of private benefits and positive externalities. There are also social and economic costs and negative externalities.

3.1. Social and economic benefits and positive externalities

Data can help enhance economic efficiency, improve access to social services, strengthen security, personalize services
and make increased availability of relevant information and innovative platforms for communications (Kang, 1998; Smolan
& Erwitt, 2012). For instance, mapping apps provide drivers with real time information about road congestions, which
would allow them to select efficient routes.
Big data can make organizations more efficient by improving operations, facilitating innovation and adaptability and
optimizing resources allocations. For instance, combining and analyzing data from test drives of prototypes, workshop
reports and other sources, BMW detects potential issues and vulnerabilities quickly and eliminates them before new models
are launched. Big data and analytics technology shortened the time to analyze some type of data from several months to a
few days. Timely discovery of the patterns and anomalies in the products and analysis of maintenance and repair data
allowed the company to issue repair instructions on a timely basis, which significantly reduced the number of workshop
visits and the time required to repair (IBM, 2014). Likewise, big data analytics allowed the yogurt company, Dannon to
 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145 1137

forecast the demand of its retailer customers more accurately, which led to higher consumer satisfaction, less wastes, and a
higher profitability (IBM, 2013).
Scientists can use big data in research that can improve human well-being. Huge volumes of information and patient
data have helped detect drug interactions and design and implement optimal drug therapies (healthworkscollective.com,
2014; Smolan & Erwitt, 2012). Information on individual patients available through state and federal health information
exchanges can contribute to effective drug regulation and reduce direct costs of medical expenditures and indirect costs
associated with lower productivity (Abbott, 2013).
Big data can also improve the performance of services provided by government agencies (Lane et al., 2014). For instance,
big data helps law enforcement agencies to deploy resources more efficiently, respond quickly and increase presence in
crime prone areas (Kang, 1998). Big data can also help fight the spread of communicable diseases. For instance, a
retrospective analysis of the 2010 cholera outbreak in Haiti showed that mining data from Twitter and online news reports
could have given the country's health officials an accurate indication of the disease's spread with a lead time of two weeks
(Chunara, Andrews, & Brownstein, 2012).
Firms have access to a large amount of transactional data obtained from a variety of sources. Burrows and Savage (2014,
p. 3) describe such data as a “crucial part of the informational infrastructures of contemporary capitalism”. Such data can be
used to tailor pricing and product offerings, which enhance consumer welfare and increase firms' profits.

3.2. Social and economic costs and potential negative externalities

The creepy factor or big data's revelation of information which may be too intrusive and invasive to personal privacy has
been a concern. It is possible to use non-personal data to make predictions of a sensitive nature such as sexual orientation
and financial status (Daniels, 2013). For instance, researchers have demonstrated that Facebook Likes can be used to
accurately predict highly sensitive personal attributes such as sexual orientation, ethnicity, religious/political views,
personality traits, intelligence, degree of happiness, addictive substance consumption, parental separation, age, and gender
(Kosinski, Stillwell, & Graepe, 2013). Big data also challenges the Fair Information Practices (FIPs), which are an established
set of principles for addressing privacy concerns on which modern privacy laws are based (Rubinstein, 2013, Table 2). Big
data may help firms come up with better advertising/promotional programs and persuasion attempts, which sometimes
could be predatory. Some analysts suggest that firms could determine the probability that someone has suffered from a
serious illness and use that information to market unnecessary insurance policies (Drum, 2013). Others point out that a
medical insurance company can increase premiums in areas with a high incidence of certain diseases (King, 2014). Similarly,
some life insurers reportedly predict life expectancy based on individuals' consumption patterns and use that information to
offer rates, coverage and other services. Likewise, gambling companies can identify problem gamblers and lure them with
free bets (bigdataweek.com, 2014).
Beales, Craswell, and Salop (1981, p. 506) pointed out that consumers often lack ability, desire and motivation to gather
and rationally evaluate optimal amount of information and that they lack essential information-processing skills. However,
the Internet, at least to some extent, has helped to overcome the traditional information asymmetry between producers and
consumers. Consumers employ tools and approaches such as price-watch services, comparison sites and consumer reviews
in order to fight the problem of information asymmetry. Some examples include activities such as liking a brand on
Facebook, and posting reviews on TripAdvisor (Taillard & Glăveanu, 2012).
Prior researchers have found that quality and the number of on-line reviews about a product have positive effects on
consumers' intention to purchase the product (Park, Lee, & Han, 2007). In the U.K. market, price comparison websites, also
known as aggregators accounted for about 33% of all motor insurance sales in 2012 (Breckenridge, Farquharson, & Hendon,
2014). Consumers using aggregators often exhibit a high degree of price sensitivity. Only 7% chose a policy outside of the five
cheapest quotes. In general, the availability of price comparison websites has reduced costs for consumers (Breckenridge
et al., 2014).
This does not imply, however, that the problem of information asymmetry has completely disappeared. For instance,
some price comparison websites allegedly distort information, or provide misinformation in a deliberate attempt to mislead
consumers. In order to understand this better, it would be helpful to return to the example of the U.K. motor insurance
market discussed earlier. The cheapest quotes often filter to a prominent position in search results and appear at the top of a
price comparison website, which are highly likely to be accepted (Breckenridge et al., 2014). In the U.K., Google provides
comparison services for car and travel insurance, credit cards, mortgages and bank accounts. Major comparison sites argue
that Google gives undue prominence to its own services in search results (Norman, 2014).
Consumers also differ in the extent to which they can fight against businesses' potential informational advantage. A U.S.
White House review found that government agencies and businesses could use big data to unfairly discriminate against
certain classes of persons on housing, employment and other issues (Sullivan, 2014). Microsoft's principal researcher, Kate
Crawford pointed out that low-income and minority shoppers are likely to face discrimination and be targeted by the sellers
of inferior products such as sub-prime loans (Talbot, 2013). Likewise, there is a possibility that social media usage can be
analyzed as indicators for future behaviors to determine honesty, responsibility, and trustworthiness required to be a
productive employee or a potential credit risk (Brill, 2012).
Regarding the differential welfare effects on sophisticated and unsophisticated consumers, the median voter theory,
developed and refined by Hotelling (1929), Smithies (1941), Black (1958), Downs (1957) and Abrams and Kenneth (1987) is
1138 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145

Table 2
Big data characteristics in relation to security, privacy and welfare concerns.

Characteristic Explanation Collection/storing Sharing/accessibility by third parties and

various user types

Volume Huge amount of data is created from a wide
range of sources such as transactions,
unstructured streaming from text, images,
audio, voice, VoIP, video, TV and other
media, sensor and machine-to data.
 High data volume would likely attract a  Firms may need to outsource to CSPs
great deal of attention from which may give rise to privacy and
cybercriminals. security issues.
 Amplified technical impact
 Violation of transparency principle
of FIPs.
 Likely to provide a set of information
about the consumer required for a more
advanced form of price discrimination.

Velocity (Fast Some data is time-sensitive for which speed
Data) is more important than volume. Data needs
to be stored, processed and analyzed
quickly.
 Increasing consumer concerns over
privacy in the context of behavioral
advertising based on real-time profiling
and tracking technologies such as
cookies.
 Violation of the individual participation
principle of FIPs.
 Increase in the supply and demand of
location-based real time personal
information, which has negative
spillover effects (e.g., stalking people in
real time).
 Physical security risks.

Variety Data comes in multiple formats such as
structured, numeric data in traditional
database and unstructured text documents,
e-mail, video, audio, financial transactions.
 Unstructured data is more likely to
conceal PII.
 A large variety of information would
make it more difficult to detect security
breaches, react appropriately and
respond to attacks (freepatentsonline.
com, 2003).
 Most organizations lack mechanisms
to ensure that employees and third-
parties have appropriate access to
unstructured data and they are in
compliance with data protection
regulations (Varonis Systems, 2008).

Variability Data flows can vary greatly with periodic
peaks and troughs. These are related to
social media trends, daily, seasonal and
event-triggered peak data loads and other
factors.
 Organizations may lack capabilities to  Peak data traffic may cause higher
securely store huge amounts of data needs to outsource to CSPs which give rise
and manage the collected data during to important privacy and security issues.
peak data traffic.
 Attractiveness as a crime target
increases during peak data traffic.

Complexity Data comes from multiple sources which
require linking, matching, cleansing and
transforming across systems.
 Resulting data is often more personal  A party with whom de-identified
than the set of data the person would personal data is shared may combine
consent to give. data from other sources to re-identify.
 Data collected from illicit sources is  Violation of the security provision
more likely to have information on of FIPs.
technologically less savvy consumers,
who are likely to suffer a more negative
welfare effect than technologically more
savvy consumers.

of interest. These authors have specified the conditions and mechanisms under which competition between political parties
would lead to an outcome that favors the median voter. Extending a median voter model in the context of big data,
Strahilevitz (2013, p. 2032) predicted that the U.S. laws will “systematically favor the interests of sophisticated consumers,
which are congruent with those of data miners, since sophisticated consumers are on the whole more politically engaged
people who pay attention to legislative policy proposals and vote their interests”. Note that sophisticated consumers tend to
be wealthier, better-educated and have a higher tendency to vote. These consumers arguably think they will lose nothing
from policies that allow firms to access their data (Strahilevitz, 2013) and are likely to make the necessary efforts to fight
against businesses’ informational advantage. Some argue that the general public outside this group may not necessary be a
“winner“ in economic or other terms in corporations’ big data initiatives that rely on “data accessibility and manipulation”
(Allen, 2013, p. 247). Others maintain that gains associated with data-driven personalization primarily accrue to businesses
that are resourceful and can see clear benefits of big data (The Aspen Institute, 2010).

4. Characteristics of big data in relation to privacy, security and consumer welfare

Despite its widespread use, there is no rigorous and universally accepted definition of big data (Mayer-Schönberger &
Cukier, 2013). Einav and Levin (2013) noted that big data involves the availability of data in real time, at larger scale, with
less structure, and on different types of variables than previously used. In Gartner's three Vs: volume, velocity and variety,
the software company, SAS, has suggested two additional big data dimensions: variability and complexity (sas.com, 2013).
 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145 1139

As presented in Table 2, the various characteristics or dimensions of big data identified by Gartner and SAS are tightly linked
to privacy, security and welfare issues. For instance, in order to create highly customized offerings (e.g., Target's offering
based on a “pregnancy prediction score”), a company may need to mine a huge amount (volume) of structured and
unstructured (variety) data from multiple sources (complexity). In some cases, this process may also involve the use of high
velocity data.
Regarding data sharing and accessibility issues, outsourcing to CSPs and utilization of other third party tools, services and
applications are critical for creating and capturing value. A major consideration is possible security breaches associated with
outsourcing. According to Trustwave, 64% of security breaches in 2012 involved outsourcing providers (IFM, 2013). Since
most organizations are not in a position to build a complete big data environment in-house (Wood, 2013), a reliance on CSPs
becomes inevitable for analytical, storage and other needs. Prior research indicates that a number of key considerations
need to be addressed in decisions related to outsourcing to CSPs (Kshetri, 2013). First, most CSPs are bigger than their clients
and deal with higher data volumes. Information stored in the cloud is a potential gold mine for cybercriminals. Storing data
in the cloud does not remove organizations' responsibility for protecting both from regulatory and reputational perspectives
(Wood, 2013). In general it is often cloud user organizations' (CUOs) responsibility to make sure that personal data are
protected and are only used according to legal provisions. In Italy, for instance, CSPs take only the role of processor and are
only part of the processing carried out by CUOs (Mantelero, 2012).
Second, some regulators have expressed concern that CSPs might use clients' data for their own benefits and violate
privacy. For instance, in 2013, Sweden's data protection authority, Datainspektionen asked Salem Municipality to stop using
Google Apps, e-mail and calendar services. Datainspektionen argued that Google writes the contract and sets the rules for
handling information and has too much room to use the data for purposes other than specified by the municipality (Tung,
2013). Datainspektionen was concerned that the agreement gave Google too much power to process personal data for its
own potential benefit.

4.1. Volume

An organization is often required to store all data in one location in order to facilitate analysis. The higher volume and
concentration of data makes a more appealing target for hackers. Moreover, a higher data volume increases the probability
that the data files and documents may contain inherently valuable and sensitive information. Information stored for the
purpose of big data analytics is thus a potential goldmine for cybercriminals, which, as noted earlier, lead to an amplified
technical impact (ISACA, 2014).
If inappropriately used, information contained in huge data volume may lead to psychological, emotional, economic, or
social harm to consumers. For instance, big data predictive analysis may improve the accuracy of predictions of a customer's
purchasing requirements or preferences. Highly customized offerings based on predicted preference and requirement data
may, however, lead to unpleasant, creepy and frightening experiences for consumers. This phenomenon is also referred as
predictive privacy harm (Crawford & Schultz, 2013). The example most often cited is that of a man's high school aged
daughter tracked by the U.S. retailer, Target. The company's pregnancy prediction score indicated that she was pregnant
before her father knew and sent promotional mails for products that pregnant women need (Duhigg, 2012).
The availability of a huge amount of data also increases the possibility that personal data can be put to new uses to create
value. The U.S. FTC Commissioner pointed out the possibility that firms, “without our knowledge or consent, can amass large
amounts of private information about people to use for purposes we don't expect or understand” (Brill, 2013). Such uses
often violate the transparency principle of FIPs (Teufel, 2008).
A huge data volume is also related to the demand or even the necessity of outsourcing. An issue of more pressing concern
is determining relevance within large data volumes and how to use analytics to create value from relevant data. Firms may
thus rely on CSPs for analytic solutions.
There are also positive and negative welfare effects of huge data volume. Using such data, a firm can offer distinct
products to different groups through quality discrimination or versioning and charge differential pricing (Clemons & Hitt,
2000; Varian, 1997), which is especially effective for information goods (e.g., books, journals, computer software, music and
videos). One way consumers may benefit from more advanced price discrimination as discussed above is as a result of a
reduction of deadweight losses. For instance, if the price of a movie/music is outside a consumer's affordability range and if
the supplier lacks the ability to price discriminate, the difference between the price the consumer is willing to pay and the
marginal cost of a copy of the movie/music represents deadweight loss (Liebowitz & Margolis, 2005). With an advanced
price discrimination strategy, the supplier can bring the price within the affordability range and thus overcome the
inefficiencies associated with deadweight losses.
In a differential pricing strategy, some consumers pay higher prices if they have ability and willingness to do so. In the
non-big data environment marketers mainly relied on exogenous and observable characteristics of the consumer such as
membership in certain social/demographic groups, zip code, age and gender as variables that were likely to be correlated
with ability and willingness to pay (Varian, 1997). Big data analytics would help identify variables with a much higher
correlation than is obtainable from the non-big data techniques and design offerings and set prices based on such variables.
Preliminary evidence reported by Shiller (2013) indicated that by using demographic variables (e.g., ace, age, income,
children, population density of residence) as well as variables derived from web-browsing histories to tailor prices, Netflix
can increase variable profits by 1.39% higher than non-tailored second degree price discrimination (based on quantity
1140 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145

demanded). The analysis also indicated that the use of only demographic variables to tailor prices raises profits by only 0.14%
compared to that attainable under second degree price discrimination. If Netflix used what Shiller referred as the first
degree price discrimination, some consumers would be charged more than twice as much as others.
As another example, Orbitz allegedly up-charged Apple's Mac users, who, according to its data spend up to 30% more on
hotels than Windows users. It reportedly offered them costlier travel options (Mattioli, 2012).
New technologies are being introduced that would help firms maximize revenues and profits and reduce deadweight losses.
In 2013, Google received a patent on a technology that allows companies to dynamically price electronic contents based on
consumer profiles. If the technology determines that a consumer is more likely to buy an e-book than an average consumer,
he/she is subject to a higher base price. It adjusts the price down as an incentive for consumers with a lower probability to
purchase. A consumer may not realize that he/she is paying more than others for an identical product (Fertik, 2013).

4.2. Velocity

Various examples of high-velocity or fast data were discussed earlier. The quickly degrading quality of real-time data is
noteworthy (scaledb.com, 2012). In particular, clickstream data (clickpaths), which constitute the route chosen by visitors
when they click/navigate through a site, is typically collected by online advertisers, retailers, and ISPs. The fact that such data
can be collected, stored, and reused indefinitely poses significant privacy risks (Skok, 2000). Some tracking tools can
manipulate clickstreams to build a detailed database of personal profiles in order to target Internet advertising (CDT, 2000).
An important use of big data is real-time consumer profile-driven campaigns such as serving customized ads. For
instance, location tracking technologies allow marketers to serve SMS and other forms of ads based on real-time location.
This process often involves passive data collection without any overt consumer interaction. The lack of individual consent
for the collection, use, and dissemination of such information means that such a practice violates the individual
participation principle of FIPs (Teufel, 2008).
Recent studies show that there is an increasing consumer concern over privacy in the context of real time behavioral
advertising and tracking technologies such as cookies (Cranor, Arjula, & Guduru, 2002; King & Jessen, 2010). In the U.S.,
consumer complaints related to unauthorized consumer profiles creation increased by 193% from 2007 to 2008 (Gomez,
Pinnick, & Soltani, 2009). The Internet advertising firms DoubleClick and Avenue A, the software firm, Intuit and the web-
tracking firm Pharmatrak have faced lawsuits for using cookies to target advertising.
Big data initiatives have led to an increase in both the supply and demand of location-based real time personal
information. Data created and made available for use in the implementation of big data initiatives also have negative
spillover effects. Particularly, the availability of location information to third parties may have some dangerous aspects. One
example is the use of location data for stalking people in real time. For instance, the iOS app Girls Around Me,1 which was
developed by the Russian company I-Free, leveraged data from Foursquare to scan and detect women checking into a user's
neighborhood. The user could identify a woman he liked to talk, connect with her through Facebook, see her full name,
profile photos and also send her a message. The woman being tracked however would have no idea that someone was
“snooping” on her (Bilton, 2012). As of March 2012, the app was downloaded over 70,000 times (Austin & Dowell, 2012).
There is also a physical risk of (near) real time data. In China, for instance, illegal companies buy databases from
malicious actors and provide services to their clients, which include private investigation, illegal debt collection, asset
investigation, and even kidnaping (Yan, 2012).

4.3. Variety

By combining structured and unstructured data from multiple sources, firms can uncover hidden connections between
seemingly unrelated pieces of data. In addition to the amount, a high variety of information in big data makes it more
difficult to detect security breaches, react appropriately and respond to attacks (freepatentsonline.com, 2003).
One estimate suggested that only about 10% of available data is in a structured form (e.g., transactional data on
customers, time-series data from statistical agencies on various macroeconomic and financial indicators) which can be
presented in rows and columns (Gens, 2011). Especially because of the relative newness, most organizations lack capability
to manage unstructured data, which arguably contains more sensitive information. Processes and technology solutions for
securing unstructured data are still in nascent phase and governance issues are not addressed (Varonis Systems, 2008).
For instance, organizations often lack mechanisms to ensure that permanent and temporary employees and third-parties
have appropriate access to unstructured data and they are in compliance with data protection regulations (Varonis Systems,
2008). In a survey conducted by Ponemon among IT professionals, only 23% of the respondents believed that unstructured
data in their companies was properly secured and protected (Fonseca, 2008). Another study of DiscoverOrg indicated that
over 50% of organizations were not focused on managing unstructured data and only 20% had unstructured data governance
processes and procedures (Rosenbush, 2014).

1
In March 2012, Foursquare revoked API access to the app, which forced the developers to pull the product from Apple's iTunes Store (Austin & Dowell,
2012).
 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145 1141

4.4. Variability

The variability characteristic is related to the time-variant nature of security and privacy risks. The volume of data
collected and stored, which need protection, will grow during the peak data collection and flow periods. It is during such
periods that organizations may lack internal capacity and tools to manage and protect information. A related point is that
the attractiveness as a crime target is high during such periods. In December 2013, Target announced that its high-profile
security breach, which compromised 40 million credit and debit-card accounts and 70 million people‘s personal data,
occurred during the peak holiday shopping season from November 27 to December 15. The virus tried to steal card data
during peak customer visit times (10 AM–5 PM local times) of target stores (Yadron, 2014).
The variability characteristic of big data may also necessitate the outsourcing of hardware, software and business-critical
applications to CSPs. Applications such as ERP and accounting systems are required to be configured for peak loads during
daily and seasonal business periods or when quarterly and annual financial statements are prepared.

4.5. Complexity

Big data often constitutes aggregated data from various sources that are not necessarily identifiable. There is thus no
process to request the consent of a person for the resulting data, which is often more personal than the set of data the
person would consent to give (Pirlot, 2014). A related privacy risk involves re-identification. It is possible to use a data
aggregation process to convert semi-anonymous or certain personally non-identifiable information into non-anonymous or
personally identifiable information (ISACA, 2014). Health-related data is of special concern. Based on a consumer's search
terms for disease symptoms, online purchases of medical supplies, and RFID tagging of drug packages can provide marketers
with information about the consumer's health (Talbot, 2013). Access to such information would enable an insurance
underwriter to predict certain disease and disorder probabilities, which would not be possible using information voluntarily
disclosed by consumers.
Firms also use data obtained from various sources to ensure that they serve only profitable markets. For instance, U.S.
federal regulations do not allow financial institutions to discriminate in the pricing of and access to credits based on
personal attributes such as racial, ethnicity or other characteristics. Technological advancements have made possible for
lending companies to mine online and offline data and make offers only to populations with credit attractiveness (Singer,
2012). The U.S.-based predictive analytics company eBureau (http://www.ebureau.com) uses custom scoring algorithms to
develop “eScores”, which predict an individual's likelihood of becoming a profitable or a money-losing customer. This allows
financial institutions to undertake targeted marketing campaigns that exclude people with low credit scores. This means
that customers that are determined to be potential money-losing by eScores may not even realize the availability of loans
from some leading financial institutions to help them with personal or professional development (Singer, 2012).
Many of the innovations involving big data use multiple data sources and involve transferring data to third parties
(Lenard & Rubin, 2013). A study of the Direct Marketing Association indicate that over US$150 billion in marketing services
could be generated using individual-level data as a key component and over 70% of such services would require exchanging
data among firms in the value delivery network (Deighton & Peter, 2013). Many organizations believe that making data
anonymous before sharing with third parties would make it impossible to identify. This is often a convenient but possibly
false assumption. Researchers have presented a variety of methods and techniques that can be used to de-identify personal
data and reassociate with specific consumers (Brill, 2012). Big data processes can generate predictive models that have a
high probability of revealing PII (Crawford & Schultz, 2013) and thus make anonymization impossible. Failure to protect PII
and unintended or inappropriate disclosure violate the security provision of FIPs (Teufel, 2008). In some cases, the identified
person may suffer physical, psychological, or economic harm. For instance, in 2011, customers of the U.S. drugstore
Walgreens filed a lawsuit accusing the drugstore of illegally selling medical information from patient prescriptions.
Walgreen allegedly sold the prescription information to data mining companies, which de-identified the data and then sold
to pharmaceutical companies. The plaintiffs argued that Walgreens unfairly benefitted from the commercial value of their
prescription information (Manos, 2011).
Some data may come from illicit sources. One example is the criminal outfit, Superzonda, which allegedly sent 30–40
million spam e-mails a day in the early 2000s (Sullivan, 2003). Superzonda's most profitable venture was to provide
information on consumers interested in a product (e.g., mortgage) to legitimate businesses for lead generation. Each
package of data (consisting of name, phone number, address, amount of loan desired and current home value) was
reportedly sold to mortgage companies for US$20 (Sullivan, 2003). Less sophisticated and vulnerable consumers are more
likely to be fooled by the tricks of illicit actors such as Superzonda.

5. Discussion and implications

This paper has established explicit connections of privacy, security and welfare with key dimensions of big data and
linked them with collection, storing, sharing and accessibility issues. It has demonstrated how risks associated with owning
and storing data are likely to increase with the size, variety and complexity of data. For instance, the extent and nature of
risks involved differ across data types (e.g., often high risk in unstructured data), source of data (higher risks for data
obtained from illicit sources) and volume of data. The case of Target also indicates that a firm is subjected to higher risks
1142 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145

during peak data traffic periods. In order to create value from big data, it is important to share and make data accessible to
various entities. However, an organization is often responsible for any wrongdoing by third parties and various user types
such as permanent and temporary employees, business partners and CSPs.
It is clear from Table 1 that big data presents different concerns and issues for IT professionals in organizations and
consumers. IT professionals often emphasize on the risks and effects of security breaches and misconducts by external
parties and insiders. Organizations' goals are to avoid fines, potential lawsuits, and reputation damage. Consumers on the
other hand tend to worry most about what they consider businesses' questionable or unethical practices, which are not
necessarily illegal. This is a critical issue from the public policy point of view because businesses seem to have a tendency to
ignore consumers' desires for privacy. These differences are likely to result in strong pressure on the governments to
intervene. Governments are likely to be forced to recognize the necessity for reasonable regulatory safeguards to protect the
public interest of privacy and the development of higher privacy standards.
Proactive risk management also requires a deeper understanding of the root causes of risks. It is important to have
detailed information on all the parties (employees and administrators of cloud vendors) who have access to an
organization's data. Illicit and gray area businesses accessing data on consumers is not an uncommon practice. For instance,
in 2008, Phorm signed deals to place its tracking software in the networks of three British ISPs, BT, Virgin Media and
TalkTalk. Phorm had access to the datastream of all users. The Company previously operated 121Media and distributed a
program known as PeopleOnPage, which was classified as spyware by the IT security company, F-Secure (Arthur, 2008).
While non-big data issues are still relevant and continue to attract the attention of privacy activists and security experts,
new issues arise in the big data context. Location information, which is a key component of high velocity data, is an issue
that is a cause of concern. Not only real time, but also time-lagged or asynchronous location identification information may
have potentially dangerous consequences. In this regard, while smart phones and camera are equipped with increasingly
powerful and user-friendly packages and programs, their security features are often designed only for technologically
sophisticated users. In order to illustrate this, the photos and videos posted online that are taken with GPS-equipped
smartphones and digital cameras can be considered. There are concerns about privacy and safety since these photos and
videos may contain location data, which are not visible to most viewers. Disabling the geotag feature in some GPS-equipped
smartphones and digital cameras is complicated for casual users. A staff technologist at the Electronic Frontier Foundation
noted that “ the only way you can turn off the function on your smartphone is through an invisible menu that no one really
knows about” (Murphy, 2010). One way to address these concerns would be to incorporate security and privacy oriented
features in cellphones and other technologies.
In theory, by mining personal data, firms may be able to realize lower production costs and deliver higher value to
customers by lowering prices and other means. Some businesses, however, have come up with tactics and strategies that are
more sophisticated and exceedingly difficult for consumers to counter. Nonetheless, it is important to note that firms are
entitled to derive a profit from their activities under a capitalist market system as long as they do not violate provisions such
as non‐discrimination, equal‐opportunities, and equal treatment. While the price discrimination examples discussed above
(e.g., Orbitz, Netflix) may appear outrageous to some user groups, such strategy may benefit a number of consumers and
even lead to an increase in the total consumer surplus.
One reason why less sophisticated consumers may not be benefiting as much as they could from big data is that they often
lack knowledge about how businesses are using their information; they are dispersed, unorganized and uninterested in
exercising their democratic and political rights. They lack the ability to respond to marketers' unfair or deceptive information
collection and use practices. They are thus less likely to bring strong and focused pressure on the government and businesses.
Prior research indicates that political processes tend to have built-in biases that often favor organized groups compared to those
that are unorganized (Mitra, 1999). Organizational, inter-organizational and national measures are needed to put pressures to
firms to utilize big data in such a way that they consider the interests of the majority of consumers. The case of customers'
lawsuit against the U.S. drugstore Walgreens indicates that there is increasing consumer awareness of potential data misuses or
abuses. These actions are also likely to drive legal and regulatory developments in this area.
The big data industry has grown up in what many consider a regulatory gray area. The seriousness of this issue is
increased by the fact that regulations do not adequately protect consumers from the revelations of their information by
advertisers, particularly if such information is not technically PII. Moreover, ethical standards and codes of conduct are not
well established. Most companies also lack best practices and privacy policies to stop revelations of sensitive information.
What is more disturbing is that in some cases, illicit and gray area actors essentially draw on the same data sets and
information as legitimate users. Due to the lack of regulations and guidelines, some dangerous, creepy and annoying
practices of the uses of consumer information are not necessarily illegal. For instance, in a statement provided to the Wall
Street Journal, I-Free said that Girls Around Me provides nothing more than data that was publicly available on Foursquare
and Facebook (Austin & Dowell, 2012). By engaging in actions such as lawsuits, filing of complaints with regulatory bodies
and applying formal pressures on businesses to use big data responsibly and ethically, consumers can help develop favorable
formal and informal institutions around big data.

5.1. Future research

Before concluding, several potentially fruitful avenues for future research are suggested. First, laws and regulations
governing key aspects of big data differ across countries. For instance, while Sweden's Datainspektionen was against using
 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145 1143

Google's services, Norway exhibited a more relaxed attitude. In 2012, Norwey's data protection authority, Datatilsynet
approved local municipalities' use of Google Apps and Microsoft's Office 365 except for handling personal information
(Tung, 2012). An area of future research is to analyze how and why privacy- and security-related institutional pressures
faced by organizations in the big data environment vary across countries.
Most of the current discussion on this subject has been focused on industrialized countries (e.g., respondents in surveys
reported in Table 1). One commentator noted that about 90% of the discussion at the 2013 Internet Governance Forum (IGF)
held in Bali, Indonesia, referred to big data as a surveillance tool. At the same time, the debate focusing on developing
countries treated big data as a means to observe people to fight poverty. The argument provided by IGF participants was
that data can help provide access to clean drinking water, healthcare and other necessities. Some have challenged this view
and noted that poor people have no less reason than rich people to be worried about surveillance (linnettaylor, 2013).
Consequently, future research and policy should look at businesses' and consumers' perceptions of privacy and security
issues associated with big data in developing countries.
One issue that was raised in this article but not fully developed concerns firms' unwillingness to use big data due partly
to privacy and security concerns. In this regard, a final area of future research concerns an analysis of how privacy- and
security-related barriers have hindered firms' big data initiatives and how these issues could be addressed. Future research
could also seek to identify how such concerns are linked with key characteristics of big data. Future research is also needed
to explore which big data-related activities and processes (e.g., collection, storing, analysis, processing, reuse and sharing)
are of key concerns.
Finally, future research might also explore big data-led price discrimination through the lens of a rational choice theory of
group solidarity (e.g., Hechter, 1988). For instance, consider the group of customers with an ability to pay a higher price than the
average consumer. It may be in the interest of this group to pay a higher price to ensure the continuous production of a good or
service under consideration. However, whereas the state can impose coercive measures to force this group to pay more for public
goods, the types of mechanisms and processes involved in big data-led price discrimination are not clear.

6. Concluding comments

Big data has some intrinsic features that are tightly linked to a number of privacy, security and welfare concerns.
Moreover, these concerns are linked with the collection and storing of data as well as data sharing and accessibility by third
parties and various user types. Overall firms' uses of big data raise a wide range of ethical issues because they may lead to
potential exploitation of consumers and disregard their interests and sometimes firms even engage in deceptive practices.
As the above discussion has already pointed out, while consumers' decisions to withhold information may hinder the ability
of the society to benefit from big data, consumers are also rightly concerned about potential abuses and misuses of their
information. Regarding the privacy issues, consumers are often uncomfortable and embarrassed when they feel that
companies know more about them than they are willing to voluntarily provide.
Big data is likely to affect welfare of unsophisticated, vulnerable and technologically unsavvy consumers more negatively.
Such consumers may lack awareness of multiple information sources and are less likely to receive up to date and accurate
information about multiple suppliers in a manner that facilitates effective search and comparisons. They are also not in a
position to assess the degree of sensitiveness of their online actions and are more likely to be tricked by illicit actors.
A number of uses of big data currently fall into a regulatory gray area. Due to the underdeveloped regulatory institutions,
there is a need to have a firm-level big data policy, which must take into account the degree of sensitivity of information
used in predictive modeling. Yet most organizations have not developed best practices to ensure privacy and security of
customer data. There is also the question of whose welfare, preferences and opinions are to prevail in the formulation of big
data related laws and policies in the future. The increasing consumer concerns are likely to force further regulatory response
to ensure that consumers' interests are protected.

Acknowledgment

Two anonymous JTPO reviewers' comments on earlier versions helped to improve the paper substantially.

References

Abbott, R. (2013). Big data and pharmacovigilance: Using health information exchanges to revolutionize drug safety. Iowa Law Review, 99(1), 225–292.
Abrams, B. A., & Kenneth, A. L. (1987). A median-voter model of economic regulation. Public Choice, 52, 125–142.
Allen, A. L. (2013). Privacy law: Positive theory and normative practice. Howard Law Journal, 56(3), 241–251.
Arthur, C. (2008, March 6). Phorm fires privacy row for ISPs. Retrieved from 〈http://www.theguardian.com/technology/2008/mar/06/internet.privacy〉.
Austin, S., & Dowell, A. (2012, March 31). ‘Girls around me’ developer defends app after foursquare dismissal. Retrieved from 〈http://blogs.wsj.com/digits/
2012/03/31/girls-around-me-developer-defends-app-after-foursquare-dismissal/〉.
BARC Institute (2013). Big data survey Europe, usage, technology and budgets in European best-practice companies. Wuerzburg, Germany. February.
Beales, H., Craswell, R., & Salop, S. C. (1981). The efficient regulation of consumer information. Journal of Law and Economics, 24, 491–539.
Biddick, M. (2012). Research: The big data management challenge. InformationWeek. Retrieved from 〈http://reports.informationweek.com/abstract/81/
8766/business-intelligence-and-information-management/research-the-big-data-management-challenge.html〉.
bigdataweek.com. (2014). Gambling and big data: A safe bet? Retrieved from 〈http://bigdataweek.com/2014/01/15/gambling-and-big-data-a-safe-bet/〉.
1144 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145

Bilton, N. (2012). Girls around Me: An app takes creepy to a new level. Retrieved from 〈http://bits.blogs.nytimes.com/2012/03/30/girls-around-me-ios-app-
takes-creepy-to-a-new-level/〉.
Black, D. (1958). The theory of committees and elections. Cambridge: Cambridge University Press.
Breckenridge, J., Farquharson, J., & Hendon, R. (2014). The role of business model analysis in the supervision of insurers. Bank of England Quarterly Bulletin,
54(1), 49–57.
Brill, J. (2012, March 2). Big data, big issues. Fordham University School of Law. Retrieved from 〈http://www.ftc.gov/public-statements/2012/03/big-data-big-issues〉.
Brill, J. (2013). Demanding transparency from data brokers. Washington post opinions. Retrieved from 〈http://www.washingtonpost.com/opinions/
demanding-transparency-from-data-brokers/2013/08/15/00609680-0382-11e3-9259-e2aafe5a5f84_story.html〉.
Burrows, R., & Savage, M. (2014). After the crisis? Big data and the methodological challenges of empirical sociology. Big data & society, April–June, 1–6.
CDT (2000).CDT's guide to online privacy. Center for Democracy & Technology, Retrieved from 〈http://www.cdt.org/privacy/guide/start〉.
Chunara, R., Andrews, J., & Brownstein, J. (2012). Social and news media enable estimation of epidemiological patterns early in the 2010 Haitian cholera
outbreak. American Journal of Tropical Medicine and Hygiene, 86, 39–45.
Clemons, E. K., & Hitt, L. M. (2000). The Internet and the future of financial services: transparency, differential pricing and disintermediation. Retrieved from
〈http://econpapers.repec.org/paper/woppennin/00-35.htm〉.
Cohen, A. (2013, February 4). Will ‘stalking apps’ be stopped?. Retrieved from 〈http://ideas.time.com/2013/02/04/will-stalking-apps-be-stopped/〉.
Coyne, T., (2013, September 30). Avoiding the big data crisis: Managing disclosure. Retrieved from 〈http://in2.holmesreport.com/2013/09/avoiding-th
e-big-data-crisis-managing-disclosure/〉.
Cranor, L. F., Arjula, M., & Guduru, P. (2002). Use of a P3P user agent by early adopters. In WPES '02 Proceedings of the 2002 ACM workshop on privacy in the
electronic society (pp. 1–10).
Crawford, K., & Schultz, J. M. (2013). Big data and due process: Toward a framework to redress predictive privacy harms. New York University public law and
Legal theory working papers. Paper 429. Retrieved from 〈http://lsr.nellco.org/nyu_plltwp/429/〉.
CSO Online (2013, November 22). Big data policies lacking in Australian and New Zealand organisations: Survey. Retrieved from 〈http://www.cso.com.au/
article/532590/big_data_policies_lacking_australian_new_zealand_organisations_survey/〉.
Daniels, B. L. (2013, September 26). Big data, big trouble? Privacy and legal concerns with big data. Pillsbury Winthrop Shaw Pittman LLP. Retrieved from
〈http://www.lexology.com/library/detail.aspx?g=027d46af-e621-4714-8da4-27c07f7ee6e0〉.
darkreading.com. (2013, May 23). Over half of big data & cloud projects stall because of security concerns. Retrieved from 〈http://www.darkreading.com/
management/over-half-of-big-data-cloud-projects-st/240155524〉.
Deighton, J., & Peter, A. J. (2013, October). The value of data: Consequences for insight, innovation & efficiency in the US economy. The Data Driven
Marketing Institute. Retrieved from 〈http://ddminstitute.thedma.org/#valueofdata〉.
Downs, A. (1957). An economic theory of democracy. New York: Harper and Row.
Drum, K. (2013, November/December). Privacy is dead. Long live transparency! Retrieved from 〈http://www.motherjones.com/politics/2013/10/
future-of-privacy-nsa-snowden〉.
Duhigg, C. (2012, February 16). How companies learn your secrets. New York Times. Retrieved from 〈http://www.nytimes.com/2012/02/19/magazine/
shopping-habits.html?_r=1&pagewanted=all〉.
Einav, L., & Levin, J. (2013, April). The data revolution and economic analysis. In NBER innovation policy and the economy conference. Retrieved from 〈http://
www.nber.org/papers/w19035〉.
emc.com. (2012, December 11). New digital universe study reveals big data gap: Less than 1% of world's data is analyzed; less than 20% is protected.
Retrieved from 〈http://www.emc.com/about/news/press/2012/20121211-01.htm〉.
Fertik, M. (2013, January 15). The rich see a different internet than the poor. Retrieved from 〈http://www.scientificamerican.com/article/rich-see-differ
ent-internet-than-the-poor/〉.
Fonseca, B. (2008, July 1). Unstructured data at risk in most firms, survey finds. Computerworld. 〈http://www.computerworld.com/article/2534496/data-
center/unstructured-data-at-risk-in-most-firms–survey-finds.html〉.
freepatentsonline.com (2003). Secure auditing of information systems. United States patent application 20030220940. Retrieved from 〈http://www.
freepatentsonline.com/y2003/0220940.html〉.
gartner.com. (2013). Big data. Retrieved from 〈http://www.gartner.com/it-glossary/big-data/〉.
Gens, F. (2011, December). IDC Predictions 2012: Competing for 2020. IDC Analyze the Future. Retrieved from 〈http://cdn.idc.com/research/Predictions12/
Main/downloads/IDCTOP10Predictions2012.p〉.
Gomez, J., Pinnick, T., & Soltani, A. (2009, June 1). Know privacy report. U.C. Berkeley School of Information, 5. Retrieved from 〈http://knowprivacy.org/
report/KnowPrivacy_Final_Report.pdf〉.
healthworkscollective.com (2014, April 9). 5 ways big data is improving patient outcomes, 2014. Retrieved from 〈http://healthworkscollective.com/
dougbennet/158371/ways-big-data-healthcare-improving-patient-outcomes〉.
Hechter, M. (1988). Principles of group solidarity. Berkley: University of California Press.
Hernandez, P. (2012, May 14). Survey: 70 percent of organizations have big plans for big data. Retrieved from 〈http://www.enterpriseappstoday.com/
data-management/survey-70-percent-enterprises-big-plans-for-big-data.html〉.
Hooper, J. (2010, February 24). Google executives convicted in Italy over abuse video. The Guardian, 〈http://www.theguardian.com/technology/2010/feb/24/
google-video-italy-privacy-convictions〉.
Hotelling, H. (1929). Stability in competition. The Economic Journal, 39, 41–57.
IBM (2013, May 22). The Dannon Company uses ibm smarter commerce to support yogurt market gains with big data analytics. Retrieved from 〈http://www-03.
ibm.com/press/us/en/pressrelease/41156.wss〉.
IBM (2014, March 11). Leading German car manufacturer boosts customer satisfaction using IBM Big Data & Analytics. Retrieved from 〈http://www-03.ibm.
com/press/us/en/pressrelease/43392.wss〉.
IFM (2013). Report finds data breaches mainly involve outsourced IT. Information Management Journal, 47(3), 16 (16).
ISACA. (2014, January). Generating value from big data analytics. White Paper. Retrieved from 〈http://www.isaca.org/Knowledge-Center/Research/
ResearchDeliverables/Pages/Generating-Value-From-Big-Data-Analytics.aspx〉.
Jonas, J. (2014, March 30). How corporate departments totally mishandle big data. Retrieved from 〈http://blogs.wsj.com/experts/2014/03/30/how-corpor
ate-departments-totally-mishandle-big-data/〉.
Kang, P. (1998). Stalking and domestic violence: The third annual report to congress under the violence against women act. Washington DC: U.S. Department of
Justice, Office of Justice Programs, Violence Against Women Grants Office.
Kelley, D. (2008). Addressing the unstructured data protection challenge. SecurityCurve
King, L. (2014). Alarm over the ‘gold rush’ for citizens' big data. Retrieved from 〈http://www.forbes.com/sites/leoking/2014/03/29/alarm-over-the-gold-rush-
for-citizens-big-data/〉.
King, N. J., & Jessen, P. W. (2010). Profiling the mobile customer – privacy concerns when behavioural advertisers target mobile phones – Part i. Computer
Law and Security Review, 26(6), 595–612.
Kosinski, M., Stillwell, D., & Graepe, T. (2013). Private traits and attributes are predictable from digital records of human behavior (Retrieved from).
Proceedings of the National Academy of Sciences of the USA 〈http://www.pnas.org/content/early/2013/03/06/1218772110〉.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4–5), 372–386.
Lane, J., Stodden, V., Bender, S., & Nissenbaum, H. (2014). Privacy, big data, and the public good: Frameworks for engagement. New York, NY: Cambridge
University Press.
Lenard, T. M., & Rubin, P. H. (2013, December). The big data revolution: Privacy considerations. Retrieved from 〈http://www.techpolicyinstitute.org〉.
 N. Kshetri / Telecommunications Policy 38 (2014) 1134–1145 1145

Liebowitz, S. J., & Margolis, S. (2005). seventeen famous economists weigh in on copyright: The role of theory, empirics, and network effects. Harvard
Journal of Law & Technology, 18(2), 435–457.
linnettaylor (2013) Surveil the rich, observe the poor: Big data at the Internet Governance Forum 2013. Retrieved from 〈http://linnettaylor.wordpress.com/
2013/10/25/surveil-the-rich-observe-the-poor-big-data-at-the-internet-governance-forum-2013/〉.
Manos, D. (2011, March 18). Patients sue Walgreens for making money on their data, healthcareitnews.com. Retrieved from 〈http://www.healthcareitnews.
com/news/patients-sue-walgreens-making-money-their-data〉.
Mantelero, A. (2012). Cloud computing, trans-border data flows and the European Directive 95/46/EC: Applicable law and task distribution. European
Journal for Law and Technology, 3, 2.
Mattioli, D. (2012, August 23). On Orbitz, Mac users steered to pricier hotels. Retrieved from 〈http://online.wsj.com/news/articles/SB1000142405270230
4458604577488822667325882?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304458604577488822667325882.html〉.
Mayer-Schönberger, V., & Cukier, K. (2013). Big Data: A revolution that will transform how we live, work and think. Boston: Houghton Mifflin Harcourt.
McKinsey Global Institute. (2013, July). Game changers: Five opportunities for US growth and renewal. Retrieved from 〈http://www.mckinsey.com/insights/
americas/us_game_changers〉.
Mitra, D. (1999). Endogenous lobby formation and endogenous protection: A long-run model of trade policy determination. American Economic Review, 89
(5), 1116–1134.
Murphy, K. (2010, August 11). Web photos that reveal secrets, like where you live. Retrieved from 〈http://www.nytimes.com/2010/08/12/technology/
personaltech/12basics.html?_r=0〉.
Neuhaus, F., & Webmoor, T. (2012). Agile ethics for massified research and visualisation. Information, Communication and Society, 15(1), 43–65.
Nevskaya, Y. (2012). Consumer information asymmetry in online product reviews (Working paper). New York: William E. Simon Graduate School of Business,
University of Rochester.
Norman, T. (2014, June 2). FCA reviews Google's price comparison service. Money Marketing (Online Edition). Retrieved from 〈http://www.moneymarketing.
co.uk/tessa-norman/3402.contributor〉.
Nunan, D., & Di Domenico, M. L. (2013). Market research and the ethics of big data. International Journal of Market Research, 55(4), 2–13.
Park, D. H., Lee, J., & Han, I. (2007). The effect of on-line consumer reviews on consumer purchasing intention: The moderating role of involvement.
International Journal of Electronic Commerce, 11(4), 125–148.
Pirlot, A. (2014, January 21). Big data: A tool for development or threat to privacy?. Retrieved from 〈https://www.privacyinternational.org/blog/
big-data-a-tool-for-development-or-threat-to-privacy〉.
Rose, J., Barton, C., Souza, R., & Platt, J. (2013). The trust advantage: How to win with big data, November. Boston Consulting Group (BCG), 2013.
Rosenbush, S. (2014, April 2). Few businesses are focused on unstructured data. Retrieved from 〈http://blogs.wsj.com/cio/2014/04/02/few-businesses-ar
e-focused-on-unstructured-data/〉.
Rubinstein, I. S. (2013). Big data: A pretty good privacy solution. New York: New York University School of Law.
SAP. (2014, March 6). SAP survey reveals big data-driven customer insight and real-time offers to open new revenue opportunities for operators. Retrieved from
〈http://www.news-sap.com/sap-survey-reveals-big-data-driven-customer-insight-and-real-time-offers-to-open-new-revenue-opportunities-for-operators/〉.
sas.com. (2013). Big Data: What it is and why it matters. Retrieved from 〈https://www.sas.com/en_us/insights/big-data/what-is-big-data.html〉.
Savvas, A. (2014). Cloud, big data raises spectre of insider data theft: Ovum. Retrieved from 〈http://www.computerworld.in/news/cloud,-big-data-raises-spec
tre-of-insider-data-theft%3A-ovum-〉.
scaledb.com (2012). High-velocity data – The data fire hose. Retrieved from 〈http://scaledb.com/high-velocity-data.php〉.
Shiller, B. R. (2013 20). First degree price discrimination using big data. MA: Economics Department, Brandeis University.
Singer, N. (2012, August 19). Secret e-scores chart consumers’ buying power. New York Times. Retrieved from 〈http://www.nytimes.com/2012/08/19/
business/electronic-scores-rank-consumers-by-potential-value.html?pagewanted=all〉.
Skok, G. (2000). Establishing a legitimate expectation of privacy in clickstream data. Michigan Telecommunications & Technology Law Review. Retrieved from
〈http://cyber.law.harvard.edu/privacy/PrivacyInClickstream%28Skok%29.htm〉.
Smithies, A. (1941). Optimum location in spatial competition. Journal of Political Economy, 49, 423–439.
Smolan, R., & Erwitt, J. (2012). The human face of big data. Sausalito, California: Against All Odds Productions.
Strahilevitz, L. (2013). Toward a positive theory of privacy law. Harvard Law Review, 126, 2010–2042.
Sullivan, B. (2003, August 8).Who profits from spam? Surprise. Retrieved from 〈http://www.msnbc.msn.com/id/3078642/ns/technology_and_science-secur
ity/t/who-profits-spam-surprise/#.TsZa31anz1U〉.
Sullivan, E. (2014). Discrimination potential seen in 'big data' use. Retrieved from 〈http://abcnews.go.com/Technology/wireStory/white-house-discrimination-potential-
data-23481770〉.
Taillard, M., & Glăveanu, V. (2012). Creativity and marketing: Interview with Marie Taillard. Europe's Journal of Psychology, 8(4), 519–522.
Talbot, D. (2013, October 9). Data discrimination means the poor may experience a different Internet. Retrieved from 〈http://www.technologyreview.com/
news/520131/data-discrimination-means-the-poor-may-experience-a-different-internet/〉.
Taylor, L., Meyer, E. T., & Schroeder, R. (2014). Bigger and better, or more of the same? Emerging practices and perspectives on big data analysis in economics (p.
1)Big Data and Society, 20141, http://dx.doi.org/10.1177/2053951714536877. 〈http://bds.sagepub.com/content/1/2/2053951714536877〉.
Teufel, H. II. (2008). Privacy policy guidance memorandum. Memorandum Number: 2008-01, December 29. The Privacy Office U.S. Department of Homeland
Security.
The Aspen Institute. (2010). The promise and peril of big data. Communications and society program. The Aspen Institute, Queenstown, Maryland.
Tinati, R., Halford, S., Carr, L., & Pope, C. (2014). Big data: Methodological challenges and approaches for sociological analysis. Sociologyhttp://dx.doi.org/
10.1177/0038038513511561.
Truxillo, C. (2013, July 8). Five myths about unstructured data and five good reasons you should be analyzing it. Retrieved from 〈http://blogs.sas.com/content/
sastraining/2013/07/08/five-myths-about-unstructured-data-and-five-good-reasons-you-should-be-analyzing-it/〉.
Tung, L. (2012, September 27). No personal data on Google Apps, Norway tells its councils as it clears cloud use, zdnet.com. Retrieved from 〈http://www.zdnet.
com/no-personal-data-on-google-apps-norway-tells-its-councils-as-it-clears-cloud-use-7000004904/〉.
Tung, L. (2013, June 14). Sweden tells council to stop using Google Apps. Retrieved from 〈http://www.zdnet.com/sweden-tells-council-to-stop-using-goo
gle-apps-7000016850/〉.
USA Today (2012, September 5). Survey: Cellphone users concerned about privacy in apps. Retrieved from 〈http://usatoday30.usatoday.com/tech/products/
story/2012-09-05/mobile-app-privacy/57599260/1〉.
Varian, H. R. (1997). Versioning information goods (January). Mimeo: University of California, Berkeley.
Varonis Systems (2008, June 30). Ponemon study – Survey on the governance of unstructured data. Retrieved from 〈http://www.varonis.com/metadata/
ponemon-study/〉.
Wood, P. (2013). How to tackle big data from a security point of view, March. Retrieved from 〈http://www.computerweekly.com/feature/
How-to-tackle-big-data-from-a-security-point-of-view〉.
Yadron, D. (2014, January 16). Target hackers wrote partly in Russian, displayed high skill, report finds. Retrieved from 〈http://online.wsj.com/news/articles/
SB10001424052702304419104579324902602426862〉.
Yan, Z. (2012, July 4). Personal data crimes set to be defined. Retrieved from 〈http://www.chinadaily.com.cn/china/2012-07/04/content_15546503.htm〉.