09.03.2016

Clarifying the Muddle Over Internet Privacy Concerns

Internet privacy concern (IPC) is a growing field of research and, much more widely, a worry in society due to the huge amount of personal information being gathered, stored, transmitted and published on the Internet. The problem is limited agreement about what it entails, and how to gauge people’s views on this subject and respond accordingly.

Consider, for example, that in different studies concerns about unauthorised access to personal information have been framed as “unauthorised access”, “information storage” and “unauthorised usage”. Each of these framing requires different kinds of response from website operators and policy makers. Moreover, for researchers, the lack of clarity means that there is inadequate understanding of just how concerned people are about Internet privacy.

Weiyin Hong and James YL Thong sought to address the inconsistencies in a study that offers an integrated conceptualisation of IPC that they also test in surveys of nearly 4,000 respondents. It clarifies the different dimensions of IPC and, also importantly, distinguishes between people’s perceptions about others’ actual behaviour and their expectations of others’ behaviour. “Our findings support the ‘talk is cheap’ problem where public surveys on privacy tend to show a higher demand for privacy protection from individuals than what they actually desire,” they said.

To conceptualise IPC, the authors did a comprehensive review of prior studies and were able to refine those findings into three unique dimensions of IPC: interaction management between the individual and website, information management of the individual’s personal information, and awareness of how the information was used and protected.

“Interaction management and information management represent two main areas from which online consumers’ privacy concerns may arise,” they said. “On the one hand, they are concerned about losing control of their personal information when interacting with websites, in terms of how it is collected and used. For example, many websites such as Expedia  use business intelligence software to track consumers’ search behaviour and use the data to predict consumers’ needs and make personalised recommendations. While that may provide convenience to consumers, it also raises their privacy concerns about the websites using their personal data without their approval. Online consumers are also concerned whether websites are doing their best to protect the confidentiality of their personal information.”

“Awareness is somewhat independent of these concerns because no matter what interaction management or information management practices are adopted by a website, it can choose to let individuals be aware of them or not. For example a website may or may not inform individuals when their personal information is collected, or even when it is jeopardised by unauthorised access to the website’s database. The US Federal Trade Commission surveyed 1,400 websites and found 92 per cent collected data about visitors but only 14 per cent revealed how the data was used. Hence, individuals’ information privacy could be infringed without their awareness of the information and interaction management practices of the website.”

The authors identified six “lower-order”, or more concrete, factors that were embedded in these IPC concerns. These included the collection of data, secondary usage of the data for a purpose other than that authorised by the individual, errors in personal data collected, improper access to the data by people not authorised to do so, control by the individual over his or her personal data held by a website, and individuals’ awareness of the information privacy practices by websites.

This fuller definition of IPC provides a framework for other researchers to study the matter with greater clarity. It also has practical implications for website owners and policy makers, who can use the framework to identify the key aspects of individual IPC in a particular context and thereby develop corresponding privacy management practices. The wording of privacy items is also shown to be important – for instance, whether they are presented as perceptions or expectations – which can guide policy makers in devising public surveys on the issue.

HONG, Weiyin

Associate Professor
Information Systems, Business Statistics & Operations Management

THONG, James Y L

Michael Jebsen Professor of Business, Chair Professor
Information Systems, Business Statistics & Operations Management