We’ve become a society used to the idea of giving up some amount of privacy in exchange for a service or discount. We understand that free services like Facebook have a catch that involves exchanging our personal details for something in return, in this case, a platform that enables us to connect with anyone and everyone. That clearly seems like a fair exchange to millions.

This is nothing new. We’ve been selling our privacy for a while now:

We sell our privacy to the grocery store, when we allow loyalty cards to track each and every thing we purchase, in exchange for discounts on green beans and more. We save thousands of dollars a year in that exchange.

We sell our privacy in the same way to online pharmacies, giving them details of everything from our cosmetics preferences to the current state of our health and on-going medical conditions in exchange for convenient reminders to refill prescriptions and product recommendations specifically tailored to our health concerns.

We sell our privacy to the airlines when we download an airline app to our smartphones to receive better customer service. Whether we’re consulting it or not, the app is tracking our travel preferences, travel patterns, quite possibly our religious affiliation through our meal choice, and even our present location.

Sometimes the loss of privacy is the benefit. Hire an on-line running coach to prepare for a 10K or a marathon, and you will put detailed information out there for all to see about your times, distances run, heart rate, calories burned, and even the amount and nutritional value of the food you eat. But that’s the point. Making the information so public makes it harder to game the system and easier to comply with the plan.

But how far are we willing to go? For instance, asks entrepreneur and author Alistair Croll , “Are we ready to get a text telling us to get off the bus and walk home to get our daily quota of steps? At what point do we start to feel like we’re under house arrest, complete with a tracking bracelet?”

If there’s a point where the balance tips and the intrusions on privacy outweigh the benefits, we may have arrived at it with the advent of big data. Consider car-insurer Progressive’s Snapshot and Insure the Box, self-described as “The UK’s leading telematics insurer.” These companies offer the prospect of lower car-insurance rates in exchange for watching your every move on the road by pulling data from the diagnostic port found in every modern automobile. By combining data on, for instance, how much and what hours you drive with your speed, the number of times you slam on the brakes, and how often you rest on longer trips, they can assess your personal risk against known risk patterns. There’s no doubt that you’ve given away a healthy measure of privacy here. And in return? You really only have your assumption that your good choices and safe practices will lower your rates.

Going further down this path, would you provide diet and other lifestyle information to health insurers in exchange for lower rates? How about information about things you can’t control, like your genetic makeup?

Both of us are athletes, and we’re proud of our heart rates and HDL/LDL ratios. We’d gladly share data about our diets, exercise levels, and other related information for a discount on insurance premiums. We’re fairly certain the price tag for dealing with our pulled muscles, broken bones, or knee injuries is lower than the cost of treating chronic, lifestyle-induced illnesses that are common to other men in their 40s. So we think we’d come out ahead here. But will we?

It’s clear that both value and risk are always in the mix when selling privacy. With this in mind, we offer a simple, three-part framework for deciding where and when to do the deal:

You may want to sell your privacy when the value is clear and you know and can accept what you’re giving up in return. This is where homework needs to be done. You need to understand the motives of the party you’re trading with and what they have to gain. These need to align with your expectations and the degree to which you feel comfortable giving up your privacy. You may need to sell your privacy to claim your identity and protect yourself from being exploited. As Croll puts it, “Facebook and LinkedIn are the new DMV. Everyone has to go there.” That’s because more and more companies are using Facebook and LinkedIn profiles to verify customers’ identity on line, and to check people’s backgrounds, in much the same way they ask to see your driver’s license when you shop in person. People can debate the wisdom of this (and they should), but as the practice becomes more widespread, it introduces the prospect of a new kind of identity theft, if someone were to set up a bogus profile in your name on one of these platforms. That’s why, even though few customers come to us at APQC through Facebook, we created and support a Facebook page anyway to prevent anyone else from claiming our identity on that platform. Individuals should consider doing the same – with a photo — so they can control what’s posted and visible, and what remains private. You should only sell your privacy when it doesn’t require you to change behavior that you struggle to control. Overeaters, for instance, should carefully consider whether to pay for their fast-food meals with a smart phone app, however convenient. Not only will these businesses know your eating preferences, but if you’ve shared your location on your mobile device, they can send irresistible offers each time you’re near.

When we consulted knowledge management expert Tom Davenport, he summed up our view of the lengths to which businesses should be allowed to go simply and cogently this way: “As long as the use is voluntary, companies should be able to offer a variety of privacy/price tradeoffs to learn what the market will bear.”

Simple — but with that very important caveat about voluntary use. When data are captured and used without permission, as facial recognition software does in stores or in the public square, new norms and probably legal standards need to be established. We can’t determine the threshold or price for transactions we don’t authorize.

Before deciding to sell our personal information, we need to be clear about what people want to know about us, why they want to know it, how and when they intend to collect that information, and what’s being offered to us in return. That’s a great deal to know from a marketplace that by and large would prefer to keep its intentions and options close to the vest.