Perceived Privacy Violation: Exploring the Malleability of Privacy Expectations
- 335 Downloads
Recent scholarship in business ethics has revealed the importance of privacy expectations as they relate to implicit privacy norms and the business practices that may violate these expectations. Yet, it is unclear how and when businesses may violate these expectations, factors that form or influence privacy expectations, or whether or not expectations have in fact been violated by company actions. This article reports the findings of three studies exploring how and when the corporate dissemination of consumer data violates privacy expectations. The results indicate that consumer sentiment is more negative following intentional releases of sensitive consumer data, but the effect of data dissemination is more complex than that of company intentionality and data sensitivity alone. Companies can effectively set, and re-affirm, privacy expectations via consent procedures preceding and succeeding data dissemination notifications. Although implied consent has become more widely used in practice, we show how explicit consent outperforms implied consent in these regards. Importantly, this research provides process evidence that identifies perceived violation of privacy expectations as the underlying mechanism to explain the deleterious effects, on consumer sentiment, when company actions are misaligned with consumers’ privacy expectations. Ethical implications for companies collecting and disseminating consumer information are offered.
KeywordsConsumer privacy Data dissemination Explicit consent Intentionality Personal data Implied consent Privacy infringement Sensitive information Social contract theory
Compliance with Ethical Standards
Conflict of interest
The authors declare that they have no conflict of interest.
- Ackerman, M. S., Cranor, L. F., & Reagle, J. (1999). Privacy in e-commerce: Examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on electronic commerce (pp. 1–8).Google Scholar
- Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514.Google Scholar
- Altman, I. (1975). Environment and social behavior: Privacy, personal space, territory, and crowding. Monterey, CA: Brooks/Cole.Google Scholar
- Baca-Motes, K., Brown, A., Gneezy, A., Keenan, E. A., & Nelson, L. D. (2013). Commitment and behavior change: Evidence from the field. Journal of Consumer Research, 39(5), 1070–1084.Google Scholar
- Brenkert, G. G. (1981). Privacy, polygraphs and work. Business and Professional Ethics Journal, 1(1), 19–35.Google Scholar
- Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.Google Scholar
- Cranor, L. F. (2012). Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10, 273.Google Scholar
- Dommeyer, C. J., & Gross, B. L. (2003). What consumers know and what they do: An investigation of consumer knowledge, awareness, and use of privacy protection strategies. Journal of Interactive Marketing, 17(2), 34–51.Google Scholar
- Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics: Integrative social contracts theory. Academy of Management Review, 19(2), 252–284.Google Scholar
- Dunfee, T. W. (2006). A critical perspective of integrative social contracts theory: Recurring criticisms and next generation research topics. Journal of Business Ethics, 68(3), 303–328.Google Scholar
- Easton, R. B., Graber, M. A., Monnahan, J., & Hughes, J. (2007). Defining the scope of implied consent in the emergency department. The American Journal of Bioethics, 7(12), 35–38.Google Scholar
- Facebook (2013). Important message from Facebook’s white hat program. https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766. Accessed December 19, 2015.
- Federal Trade Commission. (2009). The CAN-SPAM Act: A compliance guide for business. https://www.ftc.gov/system/files/documents/plain-language/bus61-can-spam-act-compliance-guide-business.pdf. Accessed December 1, 2016.
- Federal Trade Commission. (2011). FTC charges deceptive privacy practices in Google’s rollout of its buzz social network. http://Ftc.Gov/Opa/2011/03/Googleshtm. Accessed December 1, 2016.
- Federal Trade Commission. (2014). Data brokers: A call for transparency and accountability. Www.Ftc.Gov/System/Files/Documents/Reports/Data-Brokers-Call-Transparency-Accountabilityreport-Federal-Trade-Commission-may-2014/140527databrokerreport.Pdf. Accessed December 1, 2016.
- Finkle, J. (2013). Adobe data breach more extensive than previously disclosed. Reuters, http://www.reuters.com/article/us-adobe-cyberattack-idUSBRE99S1DJ20131029. Accessed December 19, 2015.
- Fredrix, E. (2005). Ameritrade loses backup tape containing 200 K client files. http://usatoday30.usatoday.com/tech/news/computersecurity/infotheft/2005-04-20-ameritrade-files-lost_x.htm. Accessed December 1, 2016.
- Garcia, A. (2015). Target settles for $39 million over data breach. http://money.cnn.com/2015/12/02/news/companies/target-data-breach-settlement. Accessed September 1, 2016.
- Harris, K. D. (2016). California Data Breach Report 2012-2015. https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf. Accessed May 25, 2016.
- Hayes, A. F. (2013). Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Press.Google Scholar
- Heide, J. B., Wathne, K. H., & Rokkan, A. I. (2007). Interfirm monitoring, social contracts, and relationship outcomes. Journal of Marketing Research, 44(3), 425–433.Google Scholar
- Huh, Y. E., Vosgerau, J., & Morewedge, C. K. (2014). Social defaults: Observed choices become choice defaults. Journal of Consumer Research, 41(3), 746–760.Google Scholar
- Janssen, A., & Gevers, S. (2005). Explicit or implied consent and organ donation post-mortem: Does it matter. Medicine and Law, 24(3), 575–583.Google Scholar
- Johnson, E. J., Bellman, S., & Lohse, G. L. (2002). Defaults, framing and privacy: Why opting in-opting out. Marketing Letters, 13(1), 5–15.Google Scholar
- Johnson, E. J., & Goldstein, D. (2003). Do defaults save lives? Science, 302(5649), 1338–1339.Google Scholar
- Kang, J., & Hustvedt, G. (2014). Building trust between consumers and corporations: The role of consumer perceptions of transparency and social responsibility. Journal of Business Ethics, 125(2), 253–265.Google Scholar
- Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69–91.Google Scholar
- Kelly, E. (2017). Congress tackles major privacy, surveillance issues. USA Today https://www.usatoday.com/story/news/politics/2017/04/12/congress-tackles-major-privacy-surveillance-issues/100335168. Accessed April 16, 2017.
- Kroft, S. (2014). The data brokers: Selling your personal information. CBS News. http://www.cbsnews.com/news/the-data-brokers-selling-your-personal-information/. Accessed October 5, 2015.
- Lombrozo, T. (2010). Causal–explanatory pluralism: How intentions, functions, and mechanisms influence causal ascriptions. Cognitive Psychology, 61(4), 303–332.Google Scholar
- Lowry, P. B., Posey, C., Roberts, T. L., & Bennett, R. J. (2014). Is your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuse. Journal of Business Ethics, 121(3), 385–401.Google Scholar
- Luo, X., Raithel, S., & Wiles, M. A. (2013). The impact of brand rating dispersion on firm value. Journal of Marketing Research, 50(3), 399–415.Google Scholar
- Madden, M. (2014). Public perceptions of privacy and security in the post-Snowden era. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions. Accessed December 1, 2016.
- Martin, K. (2012). Diminished or just different? A factorial vignette study of privacy as a social contract. Journal of Business Ethics, 111(4), 519–539.Google Scholar
- Martin, K. (2015). Privacy notices as tabula rasa: An empirical investigation into how complying with a privacy notice is related to meeting privacy expectations online. Journal of Public Policy & Marketing, 34(2), 210–227.Google Scholar
- Martin, K. (2016). Understanding privacy online: Development of a social contract approach to privacy. Journal of Business Ethics, 137(3), 551–569.Google Scholar
- Martin, K., & Shilton, K. (2015). Why experience matters to privacy: How context-based experience moderates consumer privacy expectations for mobile applications. Journal of the Association for Information Science and Technology, 67(8), 1871–1882.Google Scholar
- Martin, K., & Shilton, K. (2016). Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices. The Information Society, 32(3), 200–216.Google Scholar
- Micewski, E. R., & Troy, C. (2007). Business ethics–deontologically revisited. Journal of Business Ethics, 72(1), 17–25.Google Scholar
- Milne, G. R. (2000). Privacy and ethical issues in database/interactive marketing and public policy: A research framework and overview of the special issue. Journal of Public Policy & Marketing, 19(1), 1–6.Google Scholar
- Milne, G. R., & Bahl, S. (2010). Are there differences between consumers’ and marketers’ privacy expectations? A segment-and technology-level analysis. Journal of Public Policy & Marketing, 29(1), 138–149.Google Scholar
- Milne, G. R., & Culnan, M. J. (2004). Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. Journal of Interactive Marketing, 18(3), 15–29.Google Scholar
- Milne, G. R., Culnan, M. J., & Greene, H. (2006). A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing, 25(2), 238–249.Google Scholar
- Milne, G. R., & Gordon, M. E. (1993). Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy & Marketing, 12(2), 206–215.Google Scholar
- Mothersbaugh, L. D., Foxx, W. K., II, Beatty, S. E., & Wang, S. (2011). Disclosure antecedents in an online service context: The role of sensitivity of information. Journal of Service Research, 15(1), 76–98.Google Scholar
- Newman, G. E., Gorlin, M., & Dhar, R. (2014). When going green backfires: How firm intentions shape the evaluation of socially beneficial product enhancements. Journal of Consumer Research, 41(3), 823–839.Google Scholar
- Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79, 101–139.Google Scholar
- Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford Law Books.Google Scholar
- Nissenbaum, H. (2015). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics. doi: 10.1007/s11948-015-9674-9
- Nowak, G. J., & Phelps, J. (1997). Direct marketing and the use of individual-level consumer information: Determining how and when “privacy” matters. Journal of Interactive Marketing, 11(4), 94–108.Google Scholar
- Nunan, D., & Di Domenico, M. (2015). Big data: A normal accident waiting to happen? Journal of Business Ethics. doi: 10.1007/s10551-015-2904-x
- Ohm, P. (2015). Sensitive information. Southern California Law Review, 88(5), 1125–1196.Google Scholar
- Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327–345.Google Scholar
- Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing, 19(1), 27–41.Google Scholar
- Pizarro, D., Uhlmann, E., & Salovey, P. (2003). Asymmetry in judgments of moral blame and praise the role of perceived metadesires. Psychological Science, 14(3), 267–272.Google Scholar
- Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62(3), 221–235.Google Scholar
- Quick, M., Hollowood, E., Miles, C., & Hampson, D. (2017). World’s biggest data breaches. Informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks. Accessed April 16, 2017.
- Robinson, S. L. (1996). Trust and breach of the psychological contract. Administrative Science Quarterly, 41(4), 574–599.Google Scholar
- Robinson, S. L., & Morrison, E. W. (2000). The development of psychological contract breach and violation: A longitudinal study. Journal of organizational Behavior, 21(5), 525–546.Google Scholar
- Rousseau, D. M. (1989). Psychological and implied contracts in organizations. Employee Responsibilities and Rights Journal, 2(2), 121–139.Google Scholar
- Russo-Spena, T., Tregua, M., & De Chiara, A. (2016). Trends and drivers in CSR disclosure: A focus on reporting practices in the automotive industry. Journal of Business Ethics, 1–16.Google Scholar
- Sheehan, K. B., & Hoy, M. G. (2000). Dimensions of privacy concern among online consumers. Journal of Public Policy & Marketing, 19(1), 62–73.Google Scholar
- Smith, N. C., Goldstein, D. G., & Johnson, E. J. (2013). Choice without awareness: Ethical and policy implications of defaults. Journal of Public Policy & Marketing, 32(2), 159–172.Google Scholar
- Stohl, C., Etter, M., Banghart, S., & Woo, D. (2015). Social media policies: Implications for contemporary notions of corporate social responsibility. Journal of Business Ethics. doi: 10.1007/s10551-015-2743-9
- Tom, G., Barnett, T., Lew, W., & Selmants, J. (1987). Cueing the consumer: The role of salient cues in consumer perception. Journal of Consumer Marketing, 4(2), 23–27.Google Scholar
- Veatch, R. M. (2007). Implied, presumed and waived consent: The relative moral wrongs of under-and over-informing. The American Journal of Bioethics, 7(12), 39–54.Google Scholar
- Walker, K. L. (2016). Surrendering information through the looking glass: Transparency, trust, and protection. Journal of Public Policy & Marketing, 35(1), 144–158.Google Scholar
- Zhou, W., & Piramuthu, S. (2015). Information relevance model of customized privacy for IoT. Journal of Business Ethics, 131(1), 19–30.Google Scholar