Privacy Regulation and Barriers to Public Health

The COVID-19 pandemic has killed millions and gravely disrupted the world’s economy. A safe and effective vaccine was developed remarkably swiftly, but as of yet, uptake of the vaccine has been slow. This paper explores one potential explanation of delayed adoption of the vaccine, which is data privacy concerns. We explore two contrasting regulations that vary across U.S. states that have the potential to affect the perceived privacy risk associated with receiving a COVID-19 vaccine. The first regulation—an “identification requirement”—increases privacy concerns by requiring individuals to verify residency with government approved documentation. The second regulation—“anonymity protection”—reduces privacy concerns by allowing individuals to remove personally identifying information from state-operated immunization registry systems. We investigate the effects of these privacy-reducing and privacy-protecting regulations on U.S. state-level COVID-19 vaccination rates. Using a panel data set, we find that identification requirements decrease vaccine demand but that this negative effect is offset when individuals are able to remove information from an immunization registry. Our results remain consistent when controlling for CDC-defined barriers to vaccination, levels of misinformation, vaccine incentives, and states’ phased distribution of vaccine supply. These findings yield significant theoretical and practical contributions for privacy policy and public health.

This paper was accepted by David Simchi-Levi, information systems.

Supplemental Material: Data and the e-companion are available at https://doi.org/10.1287/mnsc.2022.4580.