This paper derives a preference for data privacy from consumers’ temptation utility. This approach facilitates a welfare analysis of different data privacy regulations, such as the GDPR enacted by the European Union and the CCPA enacted by the state of California, when a fraction of the consumers may succumb to targeted advertising of temptation goods. While sharing consumer data with firms improves firms’ matching efficiency of normal consumption goods, it also exposes weak-willed consumers to temptation goods. Despite that the GDPR and the CCPA give each consumer the choice to opt in or out of data sharing, these regulations may not provide sufficient protection for severely tempted consumers because of a negative externality in which the opt-in decision of some consumers reduces the anonymity of those who opt out. Our analysis also shows that the default choices instituted by the GDPR and the CCPA can lead to sharply different outcomes.