From a cover story in Time magazine, to high profile reporting in New York Times, Wall Street Journal, and Washington Post, to several landmark privacy bills in US Congress, the concerns around online privacy are on the rise. Battle lines are drawn between technology proponents and privacy advocates, while legal and public policy experts are weighing in on the matter.

Growth of data markets: No matter which side you are on, both are here to stay. With advancement of mobile and location based services, our online social experiences have risen to an unprecedented level of personalization, enabled by the explosion of big data and ubiquitous information sharing. “Putting data to work” is the new mantra for online businesses, trying to make sense of the hordes of data collected from their customers using sophisticated analytics.

Be it Facebook knowing what you “Like” on the Internet, Google or Twitter analyzing the trending topics, or your iPhone app tracking your location, we are deeply embedded in an ecosystem that is driving value from our private data, and providing in return such services that for many of us have become indispensible. The concerns about privacy in this context have prompted the policy makers to question the top technology companies, and privacy advocates to cast a watchful eye on new features and technologies being introduced.

Co-regulation is the new compliance: While privacy is often discussed in the context of regulatory compliance, there are other significant factors at play that will contribute to an organic development of privacy as a business (as opposed to a purely legal) concept, where self-regulation is the driver for compliance. This shift is only inevitable, because over-regulation is not going to help - in fact it could hurt innovation. And the modern consumer, though wary about online privacy, sees value in sharing data in exchange for services.

But businesses must earn consumer trust through self-regulation and increased transparency and control - a privacy policy that takes 152 clicks to view in a mobile app doesn’t cut it. The only privacy model that will succeed in this online marketplace will be mature enough to find the appropriate balance between consumer privacy and business innovation. A combination of smarter, technology neutral and principle based regulation and self-regulatory mechanisms will develop into a co-regulation paradigm.

Businesses compete on privacy: There are signs pointing in the right direction. Self-regulation mechanisms for Online Behavioral Advertising (OBA), like AdChoices, are being put in place by online advertising industry associations and members are being urged to comply. Proposals like BCR designed to provide accountability for corporate privacy compliance programs have been introduced.

The oversight by the Federal Trade Commission (FTC) will help compliance in this space, and is already playing a key role in efforts to push mechanisms like “Do Not Track”, push for smarter controls like “privacy by design” and inquiries into deceptive privacy practices. The awareness levels of users about privacy are rising, and the tipping point for improved and effective co-regulation will lie along that continuum. More awareness will lead to more market differentiation based on privacy preferences of consumers. If privacy is profitable, businesses will compete on privacy and consumers will win. Overall, this will give rise to a privacy-centered economy where privacy becomes a new currency of the online marketplace.

Privacy economy cost vs. risk: No model is one-size-fits-all. What about consumers still unwilling to trade their privacy, one might ask? The answer is to balance transparency with control: as opposed to an all-or-nothing mode of sharing, consumers should be able to negotiate fine-grained data sharing policies with the service provider. In the extreme case, they might be provided a pay-for-privacy option to opt-out at a cost and still use the service - an idea that preserves the economic interests of the ad-supported businesses, as well as the privacy preferences of the consumer.

This thought is sure to get mixed reactions, but is not unlike how consumers did business transactions for centuries before the growth of data markets - using real money and not getting tracked. This option should additionally come with “privacy insurance”, where businesses absorb the risk of privacy losses resulting from use of the service.

Only time will tell which model will thrive, but the battle rages on.

Posted by Ryan LaSalle (@labsguy) and Rafae Bhatti (@privacyphd)