The personal data that you so freely provide to Internet sites is worth something. Yet it's unclear how much individuals actually understand the cost-benefit trade-offs that they undertake when making purchase on the Internet. What does it mean to disclose personal data?

A study released by the European Network and Information Security Agency (ENISA) analyzes the monetization of privacy, or a consumer's decision of disclosure or non-disclosure of personal data in relation to a purchase transaction. The researchers investigated whether or not customers of online services would pay a mark-up to an online service provider who protected their information better?

Online privacy is becoming increasingly important in the wake of Facebook's public offering and Google's one-size-fits-all privacy policy. A recent study from Pew reported that most Americans were "anxious" about the personal information that search engines and websites collected from them: 65% were worried that it would create a filter bubble-like effect. Only 29% thought search engines collecting information to shape future search results was a good thing. When this data collection coincides with commerce, will the results differ?

The ENISA study is the largest laboratory experiment in the field of privacy economics to date. Four-hundred and forty-three participants were invited to a lab in Berlin, and were asked to buy movie tickets from one of two online sites. By default, each company asked for names, birth dates and email addresses. One of the companies asked for additional information - a mobile phone number. In exchange, participants were charged 50 Euro cents less (approximately 65 cents U.S.).

Of the participants, only one in three (or 29%) paid extra in order to not submit their cellphone number. A tiny 9% paid to avoid receiving marketing emails. Price differences aside, 80% went with the company that collected less personal data. On the whole, 74% of Europeans say that they believe disclosing personal data is an increasing part of modern life. Only 43% say they have been asked for more data than necessary when trying to obtain access to an online service. According to ENISA, 47% of service providers treated personal data as a commercial asset; 48% admitted to sharing data with third parties.

In the European Commission's report, Communication of the Digital Agenda of Europe, it states that a lack of trust in the online environment is hampering the development of Europe's online economy. Naturally, consumers are less apt to shop online if they feel like their rights are not being protected.

Facebook Social Commerce and Access to Your Information

Targeted advertisements and personalization aren't a new controversy. Last year's European Commission's crackdown on the way Facebook gathers information about European users, which aimed to ban targeted adverting unless users wanted it, was one step forward in the face of a privacy-less world.

As Facebook social commerce apps continue to expand, with sites like, Ticketmaster and TripAdvisor, users need to be increasingly aware of how much information they are divulging. The Ticketmaster on Facebook app, for example, asks for basic info, profile info (including description, interests and likes), events, events shared with you and your music activity. The app might also post on your behalf, mentioning events you attended, events you bought tickets to and an ambiguous "more," which is not explained on the easily clickable permissions dialog screen.

There is a tiny privacy policy link somewhere on that Ticketmaster screen, however. It explains the extensive collection of information by third parties, including cobranded pages, transactions with e-commerce partners, vendors and advertisers, third party advertising and third party links. In the information we collect section, Ticketmaster clearly states that it collects both personally identifiable information (residential address, telephone number or billing information) and non-personally identifiable information (aggregated information, demographic info, IP addresses, geographic location and "other information that does not reveal your specific identity).