Since the EU's "General Data Protection Regulation (GDPR)" came into effect, a set of complex mechanisms on privacy management, personal information security protection and data flow have been established in Europe. At the same time, the EU opposes the "data sovereignty theory" within its member countries or trade agreement partners, such as restricting the "data localization laws" passed by its member countries. In the interview with PKU Financial Review, Ginger Jin, professor of economics at the University of Maryland, College Park, states that excessive restrictions on data collection, sharing, and usage may hinder data-driven innovation, which may decrease the economy development. However, it may not be the case that restrictions are always bad. Professor Jin believes that we should think about the following questions: which restrictions target market failures? Why the formulated restrictions will effectively solve the targeted market failures? These restrictions may have what unexpected consequences?
 
PKU Financial Review: Nowadays, we still debate on the issue of personal data ownership. Although individuals generate data, personal data has less value to them, while it’s invaluable to enterprises. So how should we define the ownership of personal data and the corresponding protection responsibilities?
 
Ginger Jin: While clear property rights are the key to resolving disputes in physical property or intellectual property, it is not necessarily the best framework to think about personal data. For example, property right implies that the owner of the property has full discretion to use the property in whatever way he wants; but in the context of personal data, even if one is willing to give his bank card number to a retailer for the purchase of a good, it does not mean he allows the retailer to sell his name, address and bank card number to someone who may later use this information to steal money from the card. Hence, consumer consent to sharing personal data with a firm is tied to a specific use of the data by the firm. This feature is not captured in the typical definition of property right.
 
PKU Financial Review: There is an opinion that in order to better protect privacy, the most effective way is to treat privacy as an exchangeable commodity, so that participants can choose to obtain benefits by transferring part of their rights and interests. Do you agree with this opinion? How can personal privacy protection be more efficient and lower cost?
 
Ginger Jin: I do not think privacy is an exchangeable commodity, because consent to data sharing is often tied to a specific use of the data by a particular party. More precisely, privacy refers to some restriction in the flow and use of (initially) private information, that is, what information, to whom and how it is used. A user has more privacy protection if he has more control and more knowledge on the flow and use of his personal information.
 
PKU Financial Review: While more and more companies or institutions need to collect and share user data, and they also need to ensure the security of their own commercial data, a third-party organization and product that can provide DPaaS (Data-Privacy-as-a-Service) may become a "necessity". Advocates believe in that DPaaS can effectively avoid the risk and dispute of data privacy disclosure caused by data sharing, maintain the trust of users, and reduce the cost. What do you think of the development prospects of DPaaS?
 
Ginger Jin: I am not familiar with the concept of DPaaS. If it just means third-party provision of data security, it is unclear why a third party is always more reliable or more efficient than the entity that collects the user data in the first place. In the business world, the make-or-buy decision often depends on many factors, I imagine the make-or-buy decision on the service of data security is no exception.
 
PKU Financial Review: Christine Lagarde, former Managing Director of the IMF, said that the private sector cannot provide payment privacy. In fact, in the digital age, the digital technology payment options provided by the private sector will also promote price discrimination and reduce social welfare. Will the digital currency provided by the government be the best successor to cash (Cash allows for anonymous payments) in terms of consumer protection? How will the digital technology payment options provided by the private sector be affected?
 
Ginger Jin: First of all, it is well known in economics that price discrimination has ambiguous effects on social welfare. I do not see any reason why this common wisdom would not apply to the digital age. If lack of anonymity is the main concern of digital currency (as compared to anonymous cash), that concern exists regardless of whether the digital currency is issued by the private sector or the government. There is no guarantee that the government will always provide 100% privacy, or provide better privacy than private sectors. For example, government officials may be slow in adopting the newest technology for data security, may lack market-driven incentives to respond to heightened user demand for more privacy, and may be more vulnerable to political pressure for shady data sharing. These concerns can be severe in countries that do not have a good system to monitor, discipline and correct government behavior. 
 
PKU Financial Review: Since the EU General Data Protection Regulation came into effect, more and more countries are focusing on their own privacy and security issues. This year, China has successively introduced a series of privacy protection policies. What is your comment on that? What is the biggest impact these policies will have on China's future development?
 
Ginger Jin: I am glad more countries are paying attention to privacy and security issues. I have not followed China’s privacy protection policies, so I do not know what market failures they try to fix and how successful they are in fixing them. Based on my own research about GDPR, I am concerned that overreaching restrictions on data collection, data sharing and data use may discourage data-driven innovations, which may in turn slow down economic development. That does not mean restrictions are always bad. To ensure “good” restrictions, one should ask what restrictions target which market failures, why the proposed restrictions will effectively address the targeted market failures, and what unintended consequences may arise from the restrictions.
 
PKU Financial Review: What do you think of the “privacy paradox”——while we enjoy the infinite convenience brought by technology, we randomly register new websites and mobile applications on the Internet, leaving personal information, and often without or with little financial compensation?
 
Ginger Jin: I am not sure we can categorize people’s online registration as “random.” Many users may have some tradeoffs in mind when they decide to register on a new website or a new mobile app with personal information, but the tradeoffs they made in this action may be inconsistent with what they say they care about when they are asked about privacy. Privacy paradox refers to such inconsistency.



Ginger Jin, professor of economics at the University of Maryland, College Park
* This article has been  translated and published in PKU Financial Review.