Senjie Bao
The University of Melbourne
Abstract
Internet has a huge impact on people’s life; however, internet also raises the issue of information privacy issue. This paper examines the impact of internet on its users’ information privacy and what are the major concerns as well as how internet users response to those concerns. As a conclusion, this paper believes internet has invaded users’ privacy and suggests few research areas to provide better understanding of internet privacy concerns and its relationship with user’s response, thus online companies can have better privacy practices.
Keywords
information privacy; internet privacy concerns; online privacy; privacy protection
Introduction
Information privacy is defined as individual’s ability to control his or her personal information (Westin 1967) and is one of the most discussed issues in the digital age (Culnan and Bies 2003). The advances in information technologies enable companies to provide personalized information and services to consumers based on the consumer’s personal information. On one hand, those personalized technologies can provide consumers much better user experience in using information systems and applications (Toch et al. 2012); however, on the other hand, consumers’ information privacy becomes more vulnerable (Hong and Thong 2013) and the need to collect consumers’ private information becomes a threat to consumer information privacy and may have negative impact on internet usage growth (Dinev & Hart, 2005).
Researchers have found that trust is one of the most important factors affecting consumers’ online purchasing behavior (Dinew & Hart, 2005) and information privacy is another greatest factor influencing the growth of electronic commerce (Son & Kim, 2008). However, internet users’ privacy has been seriously threatened according to several reports. A survey published on BusinessWeek (2000) shows a quarter Americans consider their information privacy was invaded. Another research shows more than three quarters Americans consider information collected by companies about them was actually very important information, but they do not have any form of control on that information which was collected and used by companies (Dinev & Hart 2005).
This paper examines several information systems papers on information privacy concerns and internet user’s privacy protective response to have a better understanding of internet technology’s impact on individuals’ information privacy. The first question this paper trying to answer is “what is privacy”. Given the concept of privacy has existed for more than 100 years; the conceptualization of privacy is still not consistent in academic literatures. Thus, the first question will explore the definitions of privacy and multi dimensions information privacy. The second question in this paper is “what are internet privacy concerns”. In this question, this paper trying to find out what is information privacy concerns in the context of internet environment and the dimensions if internet privacy concerns. The final question this paper trying to answer is “how internet users response to information privacy threats”. A better understanding of internet privacy concerns and how internet users respond to privacy threats can help online companies implement a better consumer privacy strategy which is critical to success in this information age.
Q1: What is privacy? – Multidimensional Definition
The concept of privacy has existed for more than a century in almost all disciplines of social science (Smith et al. 2011). However, academics have not reached a common definition of what is privacy even though numerous attempts have been made to combine all perspectives together. Smith et al. (2011) classified the definitions of privacy from different disciplines into two main categories namely valued-based and cognate-based. The value-based definition considers privacy as part of human rights and was the first definition of privacy. Under this category, privacy is also viewed as commodity when the privacy paradox was noted after applying this concept to consumer behavior. Privacy as commodity view considers privacy not purely as a human right but also an economic factor which can be calculated. The other category of definition of privacy, cognate-based conceptualization, was often used by psychologists focusing on individual’s perceptions and cognition instead of human rights. Under this category, privacy has been defined as a state by Westin (1967) with four sub states respectively intimacy, solitude, anonymity and reserve. Another cognate-based view considers privacy as control and has been developed by information systems researchers (Smith et al. 2011). In addition, Smith et al. (2011) points out that the general privacy concept includes both physical privacy and information privacy. Different from physical privacy which concerns about physical access to one’s surroundings and private places, information privacy concerns about access to one’s personal information.
The conceptualization and meaning of privacy are also dependent on the context. Acquisti (2004) argues that privacy should be defined as a category of multiple perspectives rather than a single concept and its value may different in different contexts. Basal et al. (2008) refers the context to the research discipline, when, where, who, with whom, why which may all affect the meaning of privacy. Based on this, Smith, Dinev and Xu (2011) summarize context types as (1) contextual sensitivity; (2) industry; (3) political context; and (4) technological applications.
In the context of information systems, Belanger and Crossler (2011) reviewed multiple definitions of information privacy in information systems research literature concluding that information privacy typically defined as control over one’s personal information especially the second use of the information.
Besides privacy’s multidimensional attributes, Smith et al. (2011) also argue that privacy is not anonymity, secrecy, confidentiality, security, and ethics. Refer to both Smith et al.’s research and Belanger and Crossler’s research, Pavlou (2011) points out that Belanger and Crossler base their research on a specific definition from information system discipline while Smith et al. focus on developing a cross disciplines definition of information privacy. Nonetheless, both papers are consistent with information systems literatures’ conceptualization of information privacy. However, Pavlou (2011) also noticed the conceptualization of information privacy was not a future research direction which implies there is little work can do to refine the definition of information privacy or the conceptualization of information may be difficult to reach a consensus.
Q2: What are the information privacy concerns about internet? – Internet privacy concerns
Information privacy concerns
Information privacy concerns are one of the most important research areas on privacy. Researchers usually try to explain different levels of information privacy concerns or to identify the impact of information concerns on several attributes such as the willingness to purchase online or provide personal information (Belanger & Crossler, 2011). Some academics define information privacy concerns as individuals’ concerns about organizations’ information privacy practices (Smith et al. 1996). Researchers have found that information privacy concerns can have influence on individuals’ decision making and preferences or willingness to provide personal identifiable information (Milberg et al. 2000) as well as individual’s willingness to adopt certain technologies such as using internet purchase.
Most researches on information privacy concerns focusing on two main streams: general information privacy concerns and internet privacy concerns (Belanger & Crossler, 2011). General information concerns were discovered before internet privacy concerns and have four dimensions, specifically, collection of data, errors in data, improper use of data, and unauthorized second use of personal information (Smith et al. 1996). The internet privacy concerns were developed few years later than general information privacy concerns and contain three dimensions namely data collection, information control, and privacy awareness (Malhotra et al. 2004). The later developed internet privacy concerns are more focusing on individuals’ willingness to transact but been less referenced in majority research as most researches are more related to initial information privacy issues rather than in the context of internet.
Internet Privacy Concerns
Internet privacy concerns (IPC) are a subclass of information privacy concerns and are representations of individuals’ perception on the personal information they provide through internet (Dinev & Hart 2006). Internet users now are having more knowledge on information technology and becoming more aware of their privacy on the internet. A report shows only 6 percent of Americans trust the websites could process their personal information and protect their data securely (Carroll 2002) while the internet is becoming a much more significant channel for companies to collect and transmit consumer personal information. Therefore, a better understanding of internet users’ information concerns is one of the fundamental factors to success in this information age.
There are many researchers attempted to conceptualize IPC; however, the conceptualizations of IPC are not consistent and the definitions and operationalization of the first-order factors are barely agreed (Hong & Thong 2013). For example, similar dimensions of IPCs can be defined and named differently from case to case. In addition, the measurement for IPC and information privacy concerns is significantly different (Hong & Thong 2013). The differences in measurement may bring difficulties to consolidate prior research findings. Thus, it is critical to develop a consistent perspective in measuring IPC in future research to resolve inconsistency and consolidate findings of prior research.
In a recent research, Hong and Thong (2013) conclude the dimensions of IPC as data collection, secondary use of personal information, information errors, unauthorized access to personal information, control over one’s personal information, and awareness of companies’ information privacy practices. Other relevant concerns but not directly related to IPC include individuals’ fear of being monitored or tracked when browsing the internet, identity issues, legal issues, application issues, and security issues.
Q3: How internet users respond to IPCs? – Information Privacy-Proactive Responses
Having analyzed internet privacy concerns, it is also critical to understand how internet users response to those IPCs. The concept of information privacy-proactive responses (IPPR) is recently been used by academics to define internet users’ response to internet information privacy threats and concerns which are caused by companies’ information practices. Internet users have IPCs when they are asked to provide personal identifiable information to companies through websites or applications. Under this situation, internet users may have several responses to IPC. Specifically, IPPR consists of three main categories of behavior that internet users may have which are: information provision, private action, and public action (Son & Kim, 2008). When internet users have some IPCs, their most possible way to response for protection of personal information is to decline to provide personal information and they can be classified into above categories based on how they respond to online companies’ mishandling their person information.
Information Provision
When having some online activities, most websites requires internet users to register and provide some personal information in the registration form. However, if the internet users are concerned about IPC, they usually refuse to provide personal information or provide incorrect information. Some personal information can also be collected by companies using analytic tools to analyze internet users’ online behavior without awareness of the users themselves. They may realize this only when they received targeted advertisements from online companies. Thus, internet users may reluctantly to provide personal identifiable information for online companies and two forms of response internet users may have are refusal and misrepresentation.
Private action
Research suggests that some consumers may often have some forms of private action including a boycott of a website or online company as well as share one’s negative experience with friends and relatives when they found their personal information was mishandled by the online company. Examples of this lost control of personal information various from receiving junk e-mail to online companies tracking users’ online activities and selling to other companies. Therefore, one form of private actions that internet users may take is removal from online companies’ database. Another form is to share negative experience which is expected to reduce the company’s sales and damage its reputation.
Public action
In addition to information provision and private action, internet users may also take public actions as a response to internet information threats. The main purpose of taking a public action is to find a way to remedy for information privacy threats. Two forms of public actions can be taken by internet users: direct complain to the online company and indirect complain to a third party. Internet users usually complain to third party only when they cannot get satisfactory redress from the online company.
Son and Kim (2008) developed a nomological model to understand how antecedents including IPC, perceived justice and social benefits from complaining affect IPPR. Their research result shows a different level of association between antecedents and IPPR which can provide a theoretical foundation for recommendations for online companies’ managers to take proactive actions. The study shows a general IPC association with six types of IPPR which confirms IPC can causing IPPR; however, the associations between each dimension of IPC and sic types of IPPR are not clear and need future research.
Conclusion and Future Research
Having answered the above three research questions, it can be concluded that the wide spread of internet technology has invaded internet users’ information privacy which causing internet user’s information privacy concerns. The definition and conceptualization of information privacy are various from discipline to discipline. In the information systems literature, information privacy often defined as individual’s control over his/her personal information. As a subclass of information privacy concerns, internet privacy concerns are also a multidimensional concept but research definitions were not consistent which may require future research. The third question answered how internet users may respond to information threats under certain circumstances. However, future research should also be performed to understand the relationships between dimensions of IPCs and types of IPPR to understand in a specific context, which type of IPPR might be adopted by internet users.
(Words count: 2120)
References
Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. Proceedings of the 5th ACM Electronic Commerce Conference, New York: ACM Press, 21-29.
Bansal, G., Zahedi, F. & Gefen, D. (2008). The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: a multiple-context investigation. Proceedings of 29th International Conference on Information Systems. Paris, France, December 14-17.
Belanger, F. & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly 35(4), 1017-1041.
BusinessWeek. (2000, March 20). Business week/Harrie Pool: A growing Threat. Retrieved from: http://businessweek.com/2000/00_12/b3673010.htm
Carroll, B. (2002). Price of privacy: selling consumer databases in bankruptcy. Journal of Interactive Marketing 16(3), 47-58.
Culnan, M. J. & Bies, R. J. (2003). Consumer privacy: balancing economic and justice consideration. Journal of Social Issues 59(2), 323-342.
Dinev, T. & Hart, P. (2005). Internet privacy concerns and social awareness as determinants of internet to transact. International Journal of Electronic Commerce 10(2), 7-29.
Dinev, T. & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research 17(1), 61-80.
Hong, W. & Thong, J. Y. L. (2013). Internet privacy concerns: an integrated conceptualization and four empirical studies. MIS Quarterly 37(1), 275-298.
Malhotra, N. K., Kim, S. S. & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Information Systems Research 15(4), 336-355.
Milberg, S. J., Smith, H. J. & Burke, S. J. (2000). Information privacy:corporate management and national regulation. Organizational Science 11(1), 35-57.
Pavlou, P. A. (2011). State of the information privacy literature: where are we now and where should we go. MIS Quarterly 35(4), 977-988.
Smith, H. J., Dinec, T. & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS Quarterly 35(4), 898-1015.
Smith, H. J., Milberg, S. J. & Burke, S. J. (1996). Information privacy: measuring individuals’ concerns about organization organizational practices. MIS Quarterly 20(2), 167-196.
Son, J. Y. & Kim, S. S. (2008). Internet users’ information privacy-protective responses: a taxonomy and a nomological model. MIS Quarterly 32(3), 503-529.
Toch, E., Wang, Y. & Cranor, L. F. (2012). Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems. User Model User-Adap Inter 22, 203-220. doi: 10.1001/s11257-011-9110-z.
Westin, A. F. (1967). Privacy and Freedom, New York: Atheneum.