{"title":"Strict liability versus negligence in the case of data breach","authors":"Jooyong Jun , Jeong-Yoo Kim","doi":"10.1016/j.irle.2024.106218","DOIUrl":null,"url":null,"abstract":"<div><p>This study compares the efficiency of the strict liability and negligence rules in the case of a data breach. Contrary to standard results, we demonstrate that the strict liability rule cannot induce the efficient activity and care levels of a data controller. This is mainly due to possible positive externalities from data breaches, unlike in usual tort cases. We show that the negligence rule is more efficient than the strict liability rule if the positive externality is sufficiently large. The main insight is carried over to the case where a data controller uses a data processor to process personal information before selling it in the market. If hackers are explicitly introduced into the model, the care level of the data controller increases with the hacking activity, whereas the latter level decreases with the former. In this model, if the hacker’s gain is sufficiently small, the negligence rule can be made more efficient by adjusting due care to a harsher level than the equilibrium care level under strict liability to reduce hacking activity, although a pure strategy equilibrium may not exist for some due care levels.</p></div>","PeriodicalId":47202,"journal":{"name":"International Review of Law and Economics","volume":"79 ","pages":"Article 106218"},"PeriodicalIF":0.9000,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Review of Law and Economics","FirstCategoryId":"96","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0144818824000383","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ECONOMICS","Score":null,"Total":0}
引用次数: 0
Abstract
This study compares the efficiency of the strict liability and negligence rules in the case of a data breach. Contrary to standard results, we demonstrate that the strict liability rule cannot induce the efficient activity and care levels of a data controller. This is mainly due to possible positive externalities from data breaches, unlike in usual tort cases. We show that the negligence rule is more efficient than the strict liability rule if the positive externality is sufficiently large. The main insight is carried over to the case where a data controller uses a data processor to process personal information before selling it in the market. If hackers are explicitly introduced into the model, the care level of the data controller increases with the hacking activity, whereas the latter level decreases with the former. In this model, if the hacker’s gain is sufficiently small, the negligence rule can be made more efficient by adjusting due care to a harsher level than the equilibrium care level under strict liability to reduce hacking activity, although a pure strategy equilibrium may not exist for some due care levels.
期刊介绍:
The International Review of Law and Economics provides a forum for interdisciplinary research at the interface of law and economics. IRLE is international in scope and audience and particularly welcomes both theoretical and empirical papers on comparative law and economics, globalization and legal harmonization, and the endogenous emergence of legal institutions, in addition to more traditional legal topics.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
