Data Trading with a Monopoly Social Network
Outcomes are Mostly Privacy Welfare Damaging

This paper argues that data of strategic individuals with heterogeneous privacy valuations in a distributed online social network (e.g., Facebook) will be under-priced, if traded in a monopoly buyer setting, and will lead to diminishing utilitarian welfare. This result, for a certain family of online community data trading problems, is in stark contrast to a popular information economics intuition that increased amounts of end-user data signals in a data market improves its efficiency. Our proposed theory paves the way for a future (counter-intuitive) analysis of data trading oligopoly markets for online social networks (OSNs).

distributed community, monopoly, social welfare

Data of billions of online individuals are currently gathered, processed, and analyzed for personalized advertising or other online service¹¹1Facebook itself has approximately 2.5 billion monthly active individual users.. This trend is on the high rise with a perennial increase in online apps, IoT technologies, and advanced AI/ML methodologies. It is a common and age-old notion in economics (see [1, 2, 3, 4, 5, 6, 7, 8, 9]) that the benefits and use of sharing individual information with the demand side of an information market is beneficial to targeted customization, demand side profit, and the growth of data-‘hungry’ AI/ML controlled businesses. It has also been argued by economists [10, 11] that because of the above-mentioned benefits that individual data brings to a market setting, a competitive market mechanism might generate too little data sharing from the supply side.

In this letter, we rigorously argue, through a counter-example of a simple application type, that the popularly known economic intuition does not hold in general, atleast for a monopoly information market setting. More specifically, we show that for some community settings (e.g., Facebook) trading end-user data/information signals in a monopoly market leads to diminishing economic utilitarian social welfare. The intuition behind this result primarily lies behind the negative externalities created via trading statistically correlated end-user signals when these heterogeneous users have varying privacy valuations of their data signals. The result is contrary to recent results that intuit/prove that privacy can be detrimental to information market efficiency [5, 9, 12, 13, 14, 15, 16] if ideally, one’s value of privacy is not high, or one’s data is mildly correlated with others. Specifically, we prove that information markets will be inefficient in non-ideal community settings - formally hinted earlier in [14]. Our analysis is complete for a monopoly structure, with a major takeaway being that in practical social community settings, sub-population privacy will jeopardized at a monopoly data trading market equilibrium. To the best of our knowledge, we are the first to mathematically dispel traditional information economics intuition, albeit for social network settings only. Moreover, it paves the way for a future (counter-intuitive) analysis of general community data trading oligopoly markets.

The rest of the paper is organized as follows. In Section II, we provide an intuition, via an example, towards proving our claim. We then follow this up in Section III with the description of a formal monopoly market model. In Section IV, we analyze this market model and formally prove our claim. We provide illustrative examples of our theory in Section V. We conclude the letter in Section VI.

We provide an example-driven intuition that leads us to formally investigate the validity of the hypothesis that OSN user information promotes efficient data trading markets.

We focus on the widely popular Cambridge Analytica scandal. The company acquired private information of millions of individuals from data shared by 270,000 Facebook users who voluntarily downloaded an app for mapping personality traits, called This is your digital life. The app accessed users’ news feed, timeline, posts, and messages, and revealed information about other Facebook users. The company was finally able to infer valuable information about more than 50 million Facebook users, which it deployed for designing personalized political messages and advertising in the Brexit referendum and the 2016 US presidential election. This scandal highlighted two important facets: (i) private information (e.g., behavior, habits, preferences) of users part of an online social community such as Facebook are correlated and results in knowing such information about other users²²2Habits and preferences of a highly educated gay from a particular locality is informative about others with the same profile and residing in the same area. whose data is not leaked, and (ii) once it is openly publicized that valuable user information has been breached to satisfy external objectives, users are often miffed resulting in a huge social uproar as did happen in the case of the Cambridge Analytica scandal. These observations motivated us to develop a skepticism regarding the popular economic notion that more data implies increased information market efficiency. It could also be that trading in return for incentives for such community settings might not go down well³³3This is a high chance in scenarios of social uproar post publicly known data breaches, if not in cases where data breaches go un-noticed. with the user privacy preferences, consequently hampering societal welfare (see Section III for a definition).

To state our intuition in a relatively more formal manner (courtesy of [15]), consider a community platform with two users, $i$ = 1, 2. Each user owns its own personal data, which we represent with a random variable $X_{i}$ (from the viewpoint of the platform). The relevant data of the two users are related, which we capture by assuming that their random variables are jointly normally distributed with mean zero and correlation coefficient $\rho$. The community platform can acquire or buy the data of a user in order to better estimate her preferences or actions. Its objective is to minimize the mean square error of its estimates of user types, or maximize the amount of leaked information about them. Suppose that the valuation (in monetary terms) of the platform for the users’ leaked information is one, while the value that the first user attaches to her privacy, again in terms of leaked information about her, is $\frac{1}{2}$ and for the second user it is $v>0$. We also assume that the platform makes take-it-or-leave-it offers to the users to purchase their data. In the absence of any restrictions on data markets or transaction costs, the first user will always sell her data (because her valuation of privacy, $\frac{1}{2}$, is less than the value of information to the platform, 1). But given the correlation between the types of the two users, this implies that the platform will already have a fairly good estimate of the second user’s information. Suppose, for illustration, that $\rho\simeq 1$. In this case, the platform will know almost everything relevant about user 2 from user 1’s data, and this undermines the willingness of user 2 to protect her data. In fact, since user 1 is revealing almost everything about her, she would be willing to sell her own data for a very low price (approximately 0 given $\rho\simeq 1$). But once the second user is selling her data, this also reveals the first user’s data, so the first user can only charge a very low price for her data. Therefore in this simple example, the community platform will be able to acquire both users’ data at approximately zero price. Critically, however, this price does not reflect the users’ valuation of privacy. When $v\leq 1$, the equilibrium is efficient because data are socially beneficial in this case (even if data externalities change the distribution of economic surplus between the platform and users). However, it can be arbitrarily inefficient when $v$ is sufficiently high. This is because the first user, by selling her data, is creating a negative externality on the second user.

A simple example, such as the one aforementioned, clearly provides an intuition regarding the inefficiency of information trading in community settings with heterogeneous privacy valuations. In this section. en route to generalizing the validity (or invalidity) of our intuition, we propose a monopoly information trading market model (reproduced from [15])⁴⁴4We use the same notation for consistency purposes. consisting of $n$ platform users and a profit-maximizing community platform (e.g., Facebook).

We consider $n$ community users represented by the set $\mathcal{V}=\{1,\ldots,n\}.$ Each user $i\in\mathcal{V}$ has a type denoted by $x_{i}$ which is a realization of a random variable $X_{i}.$ We assume that the vector of random variables $\mathbf{X}=\left(X_{1},\ldots,X_{n}\right)$ has a joint normal distribution $\mathcal{N}(0,\Sigma),$ where $\Sigma\in\mathbf{R}^{n\times n}$ is the publicly known covariance matrix of $\mathbf{X}.$ Let $\Sigma_{ij}$ designate the $(i,j)$ -th entry of $\Sigma$ and $\Sigma_{ii}=\sigma_{i}^{2}>0$ denote the variance of individual $i^{\prime}$s type. Each user has some personal data, $S_{i}$, which is informative about its type, i.e., the ‘DNA’ that drives the user’s tastes (for example, based on her past behavior, preferences, or contacts). We suppose that $S_{i}=X_{i}+Z_{i}$ where $Z_{i}$ is an independent random variable with standard normal distribution⁵⁵5This has taken various forms in the information privacy literature [17]., i.e., $Z_{i}\sim\mathcal{N}(0,1)$. For any user joining the community platform, the platform can derive additional revenue (e.g., due to benefits of targeted advertising) if it can predict the user’s type. We simply assume that the community platform’s revenue from each user is a deceasing function of the mean square error of its forecast of the user’s type, minus what the platform pays to users to acquire their information. More specifically, the objective of the platform is to minimize

$$\sum_{i\in\mathcal{V}}\left(\mathbb{E}\left[\left(\hat{x}_{i}(\mathbf{S})-X_{i}\right)^{2}\right]-\sigma_{i}^{2}+p_{i}\right)$$

(1)

where $\mathbf{S}$ is the vector of data the platform acquires, $\hat{x}_{i}(\mathbf{S})$ is the platform’s estimate of the user’s type given this information, $-\sigma_{i}^{2}$ is included as a convenient normalization, and $p_{i}$ denotes payments (be it explicit or implicit) to user $i$ from the platform for their data (we ignore for simplicity any other transaction costs incurred by the platform).

Users value their privacy, which we also model in a reduced-form manner (reflecting both pecuniary and non-pecuniary⁶⁶6As example, the fact that a user may receive a greater consumer surplus when the platform knows less about her or she may have a genuine demand for keeping her preferences, behavior, and information private. There may also be political and social reasons for privacy, for example, for concealing dissident activities or behaviors disapproved by some groups. motives) as a function of the same mean square error. We assume, specifically, that user $i^{\prime}$ s value of privacy is $v_{i}\geq 0,$ and her payoff is $v_{i}\left(\mathbb{E}\left[\left(\hat{x}_{i}(\mathbf{S})-X_{i}\right)^{2}\right]-\sigma_{i}^{2}\right)+p_{i}$ This expression and its comparison with objective (1) clarifies that the platform and users have potentially- opposing preferences over information about user type. We have again subtracted $\sigma_{i}^{2}$ as a normalization, which ensures that if the platform acquires no additional information about the user and makes no payment to it, the payoff is zero. Critically, users with $v_{i}<1$ value their privacy less than the valuation that the platform attaches to information about them, and thus reducing the mean square error of the estimates of their types is socially beneficial. In contrast, users with $v_{i}>1$ value their privacy more, and reducing their mean square error is socially costly. In settings without data externalities (where data about one user have no relevance to the information about other users - an example being collection agencies not gathering addresses locations), the first group of users should allow the platform to acquire (buy) their data, while the second group should not. A simple market mechanism based on prices for data can implement this efficient outcome, in accordance to the traditional economic notion that more information implies better market efficiency. However, the situation could be very different in the presence of data externalities (e.g., online community settings such as Facebook).

A key notion for our analysis is breached information, which captures the reduction in the mean square error of the platform’s estimate of the type of a user. When the platform has no information about user $i$, its estimate satisfies $\mathbb{E}\left[\left(\hat{x}_{i}-X_{i}\right)^{2}\right]=\sigma_{i}^{2}$. As the platform receives data from this and other users, its estimate improves and the mean square error declines. The notion of breached information captures this reduction in mean square error (MSE). Specifically, let $a_{i}\in\{0,1\}$ denote the data sharing action of user $i\in\mathcal{V}$ with $a_{i}=1$ corresponding to sharing. Denote the the profile of sharing decisions by $\mathbf{a}=\left(a_{1},\ldots,a_{n}\right)$ and the decisions of agents other than $i$ by $\mathbf{a}_{-i}.$ We also use the notation $\mathbf{S}_{\mathbf{a}}$ to denote the data of all individuals for whom $a_{j}=1,$ i.e., $\mathbf{S}_{\mathbf{a}}=\left(S_{j}:j\in\mathcal{V}\,\mathrm{s.t.}\,a_{j}=1\right).$ Given a profile of actions a, the breached information of (or about) user $i\in\mathcal{V}$ is the reduction in the MSE of the best estimator of the type of user $i$ : $\mathcal{I}_{i}(\mathbf{a})=\sigma_{i}^{2}-\min_{\hat{x}_{i}(\cdot)}\mathbb{E}\left[\left(X_{i}-\hat{x}_{i}\left(\mathbf{S}_{\mathbf{a}}\right)\right)^{2}\right].$

Notably, because of data externalities, breached information about user $i$ depends not just on her decisions but also on the sharing actions taken by all users. With this notion at hand, we can write the payoff of user $i$ given the price vector $p=(p_{1},...,p_{n})$ as

$$u_{i}\left(a_{i},\mathbf{a}_{-i},\mathbf{p}\right)=\left\{\begin{array}[]{ll}p_{i}-v_{i}\mathcal{I}_{i}\left(a_{i}=1,\mathbf{a}_{-i}\right),&a_{i}=1\\ -v_{i}\mathcal{I}_{i}\left(a_{i}=0,\mathbf{a}_{-i}\right),&a_{i}=0\end{array}\right.$$

where recall that $v_{i}\geq 0$ is user’s value of privacy. We also express the monopoly platform’s payoff more compactly as

$$U(\mathbf{a},\mathbf{p})=\sum_{i\in\mathcal{V}}\mathcal{I}_{i}(\mathbf{a})-\sum_{i\in\mathcal{V}:a_{i}=1}p_{i}$$

(2)

An action profile $a=(a_{1},...,a_{n})$ of the strategic users and a price vector $p=(p_{1},...,p_{n})$ for the users constitute a pure strategy equilibrium of the user-platform game if both users and the community platform maximize their payoffs given other players’ strategies. More formally, we define an equilibrium of this game as a Stackelberg equilibrium in which the monopoly platform chooses the price vector recognizing the user equilibrium that will result following this choice.

We denote the set of user equilibria at a given price vector $\mathbf{p}$ by $\mathcal{A}(\mathbf{p})$. A pair $\left(\mathbf{p}^{\mathrm{E}},\mathbf{a}^{\mathrm{E}}\right)$ of price and action vectors is a pure strategy Stackelberg equilibrium if $\mathbf{a}^{\mathrm{E}}\in\mathcal{A}\left(\mathbf{p}^{\mathrm{E}}\right)$ and there is no profitable deviation for the platform, i.e.,

$$U\left(\mathbf{a}^{\mathrm{E}},\mathbf{p}^{\mathrm{E}}\right)\geq U(\mathbf{a},\mathbf{p}),\;{\rm for\;all\;}\mathbf{p}{\rm\;and\;for\;all\;}\mathbf{a}\in\mathcal{A}(\mathbf{p})$$

In what follows, we refer to a pure strategy Stackelberg equilibrium simply as an equilibrium.

We now characterize two important properties of the breached information function $\mathcal{I}_{i}$ : $\{0,1\}^{n}\rightarrow\mathbf{R}$.
1. Monotonicity: for two action profiles a and $\textbf{a}^{\prime}$ with a $\geq$ $\textbf{a}^{\prime}$

$$\mathcal{I}_{i}(\mathbf{a})\geq\mathcal{I}_{i}\left(\mathbf{a}^{\prime}\right),\quad\forall i\in\{1,\ldots,n\}$$

2. Submodularity: for two profiles a and $\textbf{a}^{\prime}$ with $\mathbf{a^{\prime}}_{-i}\geq\mathbf{a}_{-i}$,

$$\mathcal{I}_{i}\left(a_{i}=1,\mathbf{a}_{-i}\right)-\mathcal{I}_{i}\left(a_{i}=0,\mathbf{a}_{-i}\right)\geq\mathcal{I}_{i}\left(a_{i}=1,\mathbf{a}_{-i}^{\prime}\right)-\mathcal{I}_{i}\left(a_{i}=0,\mathbf{a}_{-i}^{\prime}\right)$$

The monotonicity property states that as the set of community users who share their information expands, the breached information about each user (weakly) increases. This is an intuitive consequence of the fact that more information always facilitates the estimation problem of the platform and reduces the mean square error of its estimates. More important for the rest of our analysis is the submodularity property, which implies that the marginal increase in the breached information from individual $i$’s sharing decision is decreasing in the information shared by others. This too is intuitive and follows from the fact that when others’ actions reveal more information, there is less to be revealed by the sharing decision of any given individual. Thus, from the celebrated result due to Topkis [18], for any $\mathbf{p}$, the set $\mathcal{A}(\mathbf{p})$ is a complete lattice, and thus has a least and a greatest element. This implies that the set of user equilibria is always non-empty.

Enroute to analyzing the market welfare generated via the aforementioned game setting, we first define the benchmark first best welfare outcome as the data sharing decisions that maximize utilitarian social welfare or social surplus given by the sum of the payoffs of the platform and users. Social surplus (SoS) from an action profile a is

$$SoS(\textbf{a})=U(\mathbf{a},\mathbf{p})+\sum_{i\in\mathcal{V}}u_{i}(\mathbf{a},\mathbf{p})=\sum_{i\in\mathcal{V}}\left(1-v_{i}\right)\mathcal{I}_{i}(\mathbf{a})$$

Note that prices do not appear in this expression because they are transfers from the community platform to users. The first-best action profile, $\textbf{a}^{W}$, maximizes this expression. The following theorem (built on [15]) characterizes the first-best action profile.

Implication - To understand this result, consider first the case in which there are no data externalities so that the covariance terms in (3) are zero, except ${\rm Cov}\left(X_{i},X_{i}|a_{i}=0,\mathbf{a}_{-i}^{\mathrm{W}}\right)=\sigma_{i}^{2}$, so that the left-hand side is simply $\sigma_{i}^{4}/\left(1+\sigma_{i}^{2}\right)$ times $1-v_{i}$. This yields $a^{W}_{i}=1$ if $v_{i}\leq 1$ (thus a no externality setting becomes mathematically equivalent to case when all users do not value their privacy enough) . The situation is different in the presence of data externalities, because now the covariance terms are non-zero. In this case, an individual should optimally share her data only if it does not reveal too much about users with $v_{j}>1$. Note here that the covariance matrix can be robustly estimated from publicly observed $S_{i}$ values as dependencies are usually preserved in the addition of noise within a threshold.

In this section, we adopt the more realistic assumption that, to start with, the monopoly platform does not know the exact valuations of users in a community (in contrast to assumptions made in existing works such as [19]) that are only private to them, but are informed that the valuations $v_{i}$ come from the cumulative distribution function $F_{i}$ and density function $f_{i}$ (with upper support denoted by $v_{\max}$). We allow the platform to design a pricing mechanism that elicits the true privacy valuations from the users (as Step 1 of the economy), somewhat similar to the seminal Vickrey-Clarkes-Groves (VCG) mechanism with a minor variation. More specifically, for any user $i\in\mathcal{V}$ the price offered to user $i$ (as Step 2 of the economy) is equal to the surplus of all other users on the platform when user $i$ is present minus by the surplus when user $i$ is absent. We consequently have the following result.

We now have the following theorem characterizing the equilibrium of the monopoly market setting.

Implication - The theorem guarantees the existence of a unique monopoly market equilibrium where community platform users elicit their true valuations. A sufficient condition for $\Phi_{i}(v)$ to be non-decreasing is for $\frac{f_{i}(v)}{F_{i}(v)}$ to be non-increasing. This requirement is satisfied for a variety of distributions such as uniform and exponential [20].

We now investigate whether the reachable market equilibrium is efficient. We have the following result, via [15], in this regard.

Implication - The theorem provides the conditions under which market equilibrium in a monopoly community information trading setting is utilitarian welfare (in)efficient. Note that the market efficiency results in the theorem are conservative in the sense we assume user privacy valuations are unknown in the worst case, and the platform does its best to elicit true valuation responses. Inefficiency in this setting would imply inefficiency in the case where community user valuations are untruthful (see point #5 in the theorem). According to the points in the theorem, it is evident that the information trading market is efficient is when high-value users (those with both $v_{i},\Phi_{i}(v_{i})\geq 1$ are uncorrelated with all other users - something practically rare to achieve, and low-value users have $\Phi_{i}(v_{i})$ values less than one (note here that low-value users always have $v_{i}<1$ but could have $\Phi_{i}(v_{i})$ values greater than 1). Not satisfying either will lead to incentive compatibility conditions preventing efficient allocation. In all other cases, the information trading market is inefficient (SoS at equilibrium is not optimal), and the extent of inefficiency depends on whether high-value users are correlated with low-value users with $\Phi_{i}(v_{i})$ values greater or less than one.

In this section, we provide numerical examples (as in [15]) to lucidly illustrate (a) the existence of a data trading market equilibrium, and (b) the social surplus (SoS) zone at market equilibrium.

The following example illustrates the social welfare zone at market equilibrium with variations in the correlation coefficient $\rho$ and privacy valuation for high-value community users.

In this paper, we mathematically argued, using recent developments in [15], that social community data trading is not economically welfare efficient in a monopoly market setting, going against the popular economic philosophy/intuition that increased amounts of end-user data signals in a market improves utilitarian social welfare. The primary reason behind our result is the significant negative externality (via user signal correlations) generated by privacy breaches in the information market that cannot be cancelled out via market equilibrium prices handed over to the users for their information.

This work NSF-supported under grants CNS-1616575, CNS-1939006, CNS-2012001, and ARO W911NF1810208.